A BZ Media Publication 



SOFTWARE DEVELOPMENT - 




The Industry Newspaper for Software Development Managers 




AUGUST 1, 2007 • ISSUE NO. 179 



www.sdtimes.com • $7.95 



Study Predicts Upswing 
In Dynamic Language Use 



BY ALEX HANDY 

A new study from Forrester 
Research explores how the use of 
dynamic languages and the 
frameworks associated with 
them will change corporate soft- 
ware development. 

The study, which should be 
released in August, is based pri- 
marily on the work of Forrester 
senior analysts Jeffrey Ham- 
mond and Michael Goulde. 
During their research, the pair 
discovered that, although the 
current boom in the use of 
languages such as Ruby, PHP 



and Python may resemble the 
Visual Basic boom of the 1990s, 
this time there are some dis- 
tinct differences. 

"These dynamic languages 
are creating very strange bedfel- 
lows," said Hammond. "With 
these languages, some are open 
source, and in some cases you 
have multiple commercial ven- 
dors pushing on a single lan- 
guage. You've got Sun with JRu- 
by and Microsoft with IronRuby 
Having these traditional vendors 
cooperating and collaborating 
around these languages is inter- 



esting. It's not your traditional 
.NET versus Java battle." 

Currently, dynamic languages 
aren't in widespread corporate 
use, Goulde explained. For this 
reason, he and Hammond decid- 
ed to look into the reasons why 
corporations have, thus far, been 
left out of the dynamic language 
typhoon that has overtaken the 
casual Web. 

"The reason behind this," 
Hammond noted, "is we've 
increasingly been seeing a real 
split in the types of languages 
and programming [that] people 



are doing outside the firewall 
and the types they're using inside 
the firewall. This study was an 
attempt to drill into the reasons 
we see so many people in the 
Web world using these dynamic 
languages. Why is it that we see 
so much PHP and Perl and 
JavaScript out in the Web, and 
yet we see almost nothing of 
these languages inside the [cor- 
porate] firewall?" 

But during the course of their 

studies, the pair found that 

dynamic languages aren't being 

continued on page 27 ► 



Keeping Code Secure: 

Should Government Get Involved? 



BY JENNIFER DEJONG 

The application security market 
got a shot in arm earlier this 
summer when IBM announced 
plans to buy Watchfire, and 
Hewlett-Packard followed suit, 
declaring its intention to 
acquire SPI Dynamics. 
The entry of big players 
into a market made up of small 
startups is likely to boost 
the credibility of a message 
that application security tool- 
makers admit hasn't yet fully 
taken hold: The key to keeping 
applications secure is writing 
code that is inherently harder 
to attack — not just blocking 



ANALYSIS 



intruders at the network door. 

That prompted SD Times to 
ask toolmakers whether a boost 
of another kind is in order: 
Should government specify 
standards for application securi- 
ty and serve as a certify- 
ing authority? 

"There is nothing 
from government that says, This 
is how you find out whether a 
Web site is secure.' How is a con- 
sumer supposed to know?" said 
Cenzic vice president of market- 
ing Mandeep Khera. "But how 
much can [government] man- 
date? And will the private sector 
listen?" he wondered. 



Most of the toolmakers inter- 
viewed said government is high- 
ly unlikely to set such a standard, 
nor do they want it to do so. "I'd 
be shocked, and it would be very, 
very hard to do, because the 
making of software affects every 
industry," said Fortify co- 
founder and chief technology 
officer Roger Thornton. 

"I don't think government 
should set a standard," added 
SPI Dynamics co-founder and 
chief technology officer Caleb 
Sima. "They have lagged behind 
[the private sector] in application 
security." 

But many of the toolmakers 




Prior to taking the helm of the 
DHS Office of Cyber Security and 
Telecommunications, Greg Garcia 
worked for trade association ITAA. 

said a government-sponsored 
public awareness campaign to 
make Web shoppers more secu- 
rity-sawy could help to hold Web 
continued on page 29 ► 



Microsoft 
Seeks Ecma 
OK on XPS 

Critics allege 
Redmond casts 
a heavy shadow 

BY DAVID WORTHINGTON 

It's not easy being Microsoft's 
standards-bearer, as Ecma Inter- 
national has found. When it began 
drafting an XML-based electronic 
paper specification, Ecma was the 
subject of cacophonous criticism, 
even before its work started. 

Ecma formed Technical 
Committee 46 (TC46) at its June 
28 General Assembly meeting 
and charged it with producing a 
formal standard for an XML- 
based electronic paper format 
and page description language, 
each based upon Microsoft's 
XML Paper Specification (XPS). 

Microsoft calls XPS a plat- 
form-independent document 
storage and typesetting specifica- 
tion, although the only imple- 
mentations to date run on Win- 
dows. It has been viewed as a 
competitor to Adobe Systems' 
Portable Document Format 
(PDF), which Adobe submitted 
to the Association for Informa- 
tion and Image Management 
(AIIM) in February, for eventual 
standardization by the ISO. 

Windows Vista and the Office 
2007 productivity suite have native 
support for XPS, and there are sev- 
eral independent implementations 
trailing back to Global Graphics 
continued on page 26 ► 
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Adopters, Avoiders Assess GPLv3 

New version of open source license draws praise, ire from all sides 



BY ALEX HANDY 

With GPL version 3 finally 
complete, software developers 
and development houses are 
taking a close look at the next- 
generation open source 
license. 

Although it seems everyone 
has an opinion on the license, 
the GPLv3 most directly 
affects those in the Linux com- 
munity, those associated with 
the recently open-sourced 
Java platform, and two compa- 
nies whose actions forced a 
last-minute redraft of the 
license terms, Microsoft and 
Novell. 

For those developers in the 
first two categories, the prima- 
ry question around GPLv3 is: 
Should we switch? But for 
Microsoft and Novell, the 
GPLv3 was meant to have a 
much more direct and person- 
al meaning — one that Micro- 
soft has already denied applies 
to itself. 

While the Linux communi- 
ty holds its fierce internal 
debate on the possibility of 
switching to GPLv3, some 
projects have already made 
the transition. At press time, 
software compliance vendor 
Palamida's GPLv3 Web page 



'At the end of the day you have to ask, "Who 
is this for?" There are a lot of aspects of it 
that really don't affect the typical company 
that uses open source. ' 

—Michael Goulde, senior analyst at Forrester 



listed 122 projects that had 
made the switch. However, 
many of these projects are in 
the early stages of develop- 
ment. Others, such as mtPaint 
and Inetutils, are smaller 
packages with little main- 
stream. But the Samba pro- 
ject, whose tools for Windows 
interoperability have no paral- 
lel among open source pro- 
jects, announced in mid-July 
that it would adopt the new 
license for its version 3.2, 
while the 3.0 track would 
remain under GPLv2. 

For Red Hat, the debate on 
whether or not to switch the 
Linux kernel to GPLv3 seems 
to be over. While Red Hat is 
far from the only decision- 
maker in that process, the 
company posted a blog on its 
press site that praised the 
GPLv3 for addressing patent 
litigation issues. Judging from 
the company's praise of the 



Free Software Foundation, it 
would seem that Red Hat has 
no nits to pick with the license. 

"Red Hat believes our end 
user customers will benefit 
from several of the new provi- 
sions in GPLv3, including the 
patent license provisions. Red 
Hat will continue to contribute 
to projects that migrate from 
GPLv2 or other licenses to 
GPLv3, and we will look to 
include GPLv3-licensed pro- 
jects in our future distribu- 
tions," read a blog attributed to 
Red Hat's intellectual property 
team. 

The leadership of Sun 
Microsystems also appears to 
be happy with GPLv3, based 
on a statement the company 
issued shortly after the final 
release. "Sun believes the 
GPLv3 revisions represent 
important steps in the evolu- 
tion of the Free software 
movement," it read. "In partic- 



ular, it clarifies language that 
was unclear in GPLv2 and 
addresses many issues that did 
not exist when GPLv2 was 
written more than 15 years ago, 
and thus provides a firmer 
basis for certainty in the inter- 
pretation of the license," the 
statement continued. 

REDMOND'S RESISTANCE 

On the other side of the fence, 
however, Microsoft's state- 
ments regarding the GPL were 
significantly more hostile. 
GPLv3 includes, for the first 
time, a clause that could penal- 
ize Microsoft for distributing 
service and support licenses for 
Novell's SUSE Linux. 

"While there have been 
some claims that Microsoft's 
distribution of certificates for 
Novell support services, under 
our interoperability collabora- 
tion with Novell, constitutes 
acceptance of the GPLv3 
license, we do not believe that 
such claims have a valid legal 
basis under contract, intellectu- 
al property, or any other law," 
read the Microsoft statement. 
"In fact, we do not believe that 
Microsoft needs a license under 
GPL to carry out any aspect of 
its collaboration with Novell, 



IBM Hopes 'Zero' Becomes Hero 

Incubator project focuses on creation of dynamic Web applications 



BY JEFF FEINMAN 

Agile development has been 
around for a while, but IBM is 
trying something new with Pro- 
ject Zero, an incubator project 
focused on dynamic Web appli- 
cations. The Project Zero — as 
in "zero unnecessary over- 
head" — environment includes a 
scripting runtime for Groovy 
and PHP, with APIs optimized 
for producing REST-style ser- 
vices, integration mashups and 
rich Web interfaces. 

IBM has created an online 
Web community at projectzero 
.org, where developers can 
download the platform and help 
develop Project Zero with criti- 
cisms and suggestions. The 
company calls the process 
"Community-Driven Commer- 
cial Development" and will 
eventually provide members 
with the means to share reusable 



components while retaining 
ownership. 

Project Zero has been tested 
with Microsoft's Windows XP 
and Novell's SUSE Enterprise 
Linux Server 10, although it may 
run on other operating systems. 
Developers are encouraged to 
use Eclipse as an IDE for Zero 
applications, and download sam- 
ple applications from the pro- 
ject's site. Zero applications can 
connect to any database that is 
accessible with Java Database 
Connectivity (JDBC) drivers. 

Jerry Cuomo, CTO of IBM 
WebSphere and IBM fellow, 
explained that Project Zero 
uses scripting as a way to write 
applications with quick turn- 
around. He argued that the 
level of understanding re- 
quired to build object-oriented 
code makes the resulting appli- 
cation useful over time but 



hard to develop quickly. Script- 
ing may not be elegant, but it 
can get the application done, 
he said. 

Project Zero's source code 
will be publicly available, though 
IBM will not release it under an 
open source license. IBM has 
taken some criticism from devel- 
opers because of this, Cuomo 
admitted. However, he contin- 
ued, the company is bringing its 
development processes into the 
open, and he pointed to the 
social and collaborative aspects 
of Web 2.0 development as an 
asset to be nurtured. 

"A lot of people associate 
'open' with Tree'... there's a 
whole mentality and develop- 
ment interaction around build- 
ing things in the open," Cuomo 
noted. The business side of 
things has to be kept in mind, he 
conceded, but opening up the 




IBM has been criticized for its 
decision not to release Project 
Zero's code under an open source 
license, says WebSphere's Cuomo. 

process itself through blogs and 
wikis has proved beneficial. 
"Depending on the technology 
and what our objectives are, 
we'll license accordingly." I 



including its distribution of sup- 
port certificates, even if Novell 
chooses to distribute GPLv3 
code in the future. Further- 
more, Microsoft does not grant 
any implied or express patent 
rights under or as a result of 
GPLv3, and GPLv3 licensors 
have no authority to represent 
or bind Microsoft in any way," 
the company noted. 

While the Microsoft state- 
ment does deny that the 
GPLv3 applies to any of its 
current business agreements 
with Novell, the company also 
announced in early July that it 
would not be extending the 
terms of any of its Novell-pro- 
vided support coupons to 
apply to GPLv3 software. 

"At this point in time," read 
the statement, "in order to 
avoid any doubt or legal 
debate on this issue, Microsoft 
has decided that the Novell 
support certificates that we 
distribute to customers will 
not entitle the recipient to 
receive from Novell, or any 
other party, any subscription 
for support and updates relat- 
ing to any code licensed under 
GPLv3. We will closely study 
the situation and decide 
whether to expand the scope 
of the certificates in the 
future." It's not clear exactly 
how such a limitation might be 
enforced, and Novell spokes- 
person Bruce Lowry, on a 
company blog, responded to 
Microsoft's claim of a limit on 
support by stating that the 
company was committed to 
honoring all such certificates, 
and agreeing generally with 
Microsoft's statement that the 
two companies' agreement 
was not subject to GPLv3. 

Michael Goulde, senior 
analyst at Forrester, thought 
that Microsoft's statement was 
likely designed to spread fear, 
uncertainty and doubt, and he 
questioned the validity of its 
claims. "The whole thrust 
there is to address software 
patents, which were much less 
of an issue in 1991 when 
GPLv2 was created," he said. 
"At the end of the day you 
have to ask, 'Who is this for?' 
There are a lot of aspects of it 
that really don't affect the typ- 
ical company that uses open 
source, so they won't spend 
their time worrying about it." I 



V " ''• 



W.Acinbc 

Tl, - 



fhtc,inrr dl , 
railed.. 






lv (j"i 



■'■■': 



BMcn&ignjs* 
">rt rutin lUee „ 



d 






IX) 



I S £R*NA AW „ n0 outDf . CHApTH 

Navigating 

APPL,CAT,ON UFECYCLE MANAGEMENT 




<f 



THIS IS NOT GOOD 



99 



FIG. 9.-CWTAJN BUND4IDED AS FOG SETTLES OVER DEVELOPMarr »» 

N^ing ,-oppllc.lo. dev.bpr,^ cgro,* ((HJsr rhan „ ^ gJgSJJ^ PB ° CESS ' 

WHEN ALM SENDS AN S.O.5. 

A ««v ^ tfitenil for a PP ikati „ s U hitting FT, W organ is^, 
need to respond feiter, smarter, and more c 0S r-effectivefy than ever 
That's a challenge when you ve got «. manage a portfolio of proicrts 
coordinate dirtributed development team, running multiple tools 
.nd-of cour«:^ deliver for ynt,r use*. Serena is the world's |J est 
company dedicated solely to enterprise Application LiikydelV] an ^ racn , 
Let us hdp you navigate the complexities oi software development in 
today s enterprise waters* 



ykuauie fti 

KITING ht(HJWEMjE*Tb 

RIGHT THE FIRJ1 TIMI 



""■Jfl^nanfuyf 



SERENA ALM WEBINAR SERIES 



LHILYE3E aUfilNEU-OHNGINfi 

SOfTfflUtE, WTt« 

Haw ,o a*! ihe rlghl 

peo^ihg on R14 rl^il 

piQ(«cF£ -ar rTici ■Ighr rim* 



THE lUlD TD 
IT HUiLEhtf 

Haw BtU rEd'JOfd Dosri^ 



TWO HT0B1D5 CQEJJDE 
Thfi *cilu* oi tMriblnirirj 

FFW and ALMi 
Tin P-tfp p#he*dtfv» 



HDW InlTE&ftATION 

OF ALM AMD FPffl 

PflOVIDlS BETTlfl VISIBILITY 

INTO APf> LEV 



ol Applxorian lifocyid* 



build better APP&. start here: iv iviv. ser eit a. ca m/ALMivebina rs cries 



www.sdtimes.com 



. Software Development Times . August 1, 2007 



NEWS 



Putting People Before BPEL 

A cadre of companies collaborating to 
extend language for human involvement 



BY DAVID WORTHINGTON 

Automated business processes 
contain a paradox. How can a 
process be automated at those 
points where people are 
involved? Many general-pur- 
pose business processes can- 
not be executed without 
human interaction, making it 
inherently more difficult to 
model processes with Business 
Process Execution Language 
(BPEL). A group of vendors 
have dubbed their solution to 
this problem "BPEL4People," 
but its impact is a matter for 
debate. 

BPEL is a business process 
modeling language that pro- 
vides an executable model 
based on Web services. BPEL 
2.0 was approved by OASIS, 
the Organization for the 
Advancement of Structured 
Information Standards, in 
April, and vendors are already 
trying to plug the gaps it leaves 
in the areas where humans 
interact. 

Active Endpoints, Adobe 
Systems, BEA Systems, IBM, 
Oracle and SAP are collaborat- 
ing to extend BPEL to support 
a broad range of human inter- 



action patterns, extending its 
modeling capabilities. Diane 
Jordan, program director for 
IBM emerging Internet soft- 
ware standards, said that the 
impetus for a common effort 
was that BPEL implementa- 
tions were diverging along this 
line, and vendors were tempted 
to address the problem with 
stopgap proprietary extensions. 

The BPEL4People specifi- 
cations — two specifications that 
build on the BPEL language — 
were published on June 25. 
WS-BPEL Extension for Peo- 
ple defines how to describe 
human tasks in a BPEL 
process. The tasks may be in- 
corporated as components in 
BPEL process definitions. 

The complementary specifi- 
cation, WS-HumanTask, defines 
the characteristics of human 
tasks, including the behaviors 
and operations used to manipu- 
late them. Jordan explained that 
WS-HumanTask addresses pro- 
cess structures that the vendors 
have seen while working with 
customers, resulting in five dis- 
tinct process-task interaction 
patterns. 

IBM WebSphere Process 



Server already implements both 
WS-HumanTask and the WS- 
BPEL Extension for People. 

According to Jordan, the 
parties will submit the specifi- 
cation to OASIS by the fall. 
OASIS would then begin work 
to draft a charter and form a 
technical committee — if it 
accepts the specifications. 

"It's becoming increasingly 
critical to understand and sup- 
port human interactions when 
modeling business processes," 
said Gartner research director 
Charles Abrams. "The publica- 
tion of these specifications is a 
substantial step in bridging 
human and IT interactions with- 
in the WS-BPEL language." 

Bruce Silver, principal 
analyst at Bruce Silver Associ- 
ates, a group of BPM and con- 
tent advisers, demurred, writ- 
ing in an article published 
at BPMInstitute.org that 
BPEL4People was unlikely to 
succeed. Silver explained that 
the interaction patterns that a 
BPMS must support in order to 
be BPEL4People-compliant 
were overly ambitious, and 
unlikely to be adopted outside 
oflBMandSAP I 



Java EE 6 Spec Creation Approved 

JSR will introduce profiles, seek to ease development 



BY ALEX HANDY 

The Java Community Process 
has approved the creation of 
JSR 316, a specification for 
Java Enterprise Edition 6. 
The proposed spec focuses on 
extensibility of the platform, 
and introduces the idea of 
profiles — targeted umbrellas 
of Java EE components, 
allowing developers to use 
segments of the platform 
rather than being required to 
use the whole thing. 

The JCP has formed an 
expert group that includes 
members from the Apache 
Foundation, BEA Systems and 
Pramati Technologies. 

From the JCP page: "It 
would not be appropriate for 
the Java EE platform to grow 
without bound to include all 
the interesting and useful 



technologies desired by web 
and enterprise application de- 
velopers. Instead, we believe it 
is desirable to enable more of 
these technologies to cleanly 
layer on or plug in to Java EE 
application servers. By adding 
more extensibility points and 
more service provider inter- 
faces, these other technologies 
can plug in to platform imple- 
mentations cleanly and effi- 
ciently, and be just as easy to 
use for developers as the facil- 
ities that are built into the 
platform." 

The new version of the Java 
EE platform will also address 
further SOA issues, through 
updates scheduled for JAX- 
WS, the Java Persistence API 
and JavaServer Faces. Also 
scheduled for inclusion are 
JSR 311 (JAX-RS: Java API for 



RESTful Web Services), JSR 
236 (Timer for Application 
Servers) and JSR 299 (Web 
Beans). 

Heading up JSR 316 are 
Sun Microsystems' Bill Shan- 
non and Roberto Chinnici. 
The two have laid out a time- 
line for the completion of the 
specification that targets Q4 of 
2008. For now, the focus is on 
the August release of the first 
expert draft. 

Among the members of the 
expert committee, only the 
Apache Software Foundation 
voted against the creation 
of JSR 316. Borland Software 
did not vote, while all remain- 
ing members of the JSR 
review ballot — including 
IBM, Sun, Oracle, Fujitsu, 
Red Hat and SAP — voted in 
favor of it. I 
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The SANS Institute has announced the launch of the first GIAC 
Secure Software Programmer exams, which will cover C and Java/Java 
EE. SANS is developing assessment exams and certifications in appli- 
cation security with a consortium of companies, including Deloitte & 
Touche, Intel and Tata Consultancy, to reduce software vulnerabilities 
caused by programmers who lack secure coding skills. The exams will 
take place Aug. 14 in Washington, D.C. 



NEW PRODUCTS 



Microsoft has made available a Community Technology Preview of 
"Acropolis," a set of tools and prebuilt components designed to make 
it easier to build and manage modular .NET business applications. 
Acropolis is a part of the .NET Client Futures wave of upcoming 
Microsoft client development technologies . . . CollabNet has 
announced Subversion for Mac OS X, for both Intel and PowerPC- 
based Macs. It has bindings for Java, Perl, Python and Ruby, and is 
available for free download from the openCollabNet developer site 
(www.collab.net/apple) . . . Dynamsoft, a software configuration man- 
agement provider, has released Dynamsoft SourceAnywhere Hosted, 
a software-as-a-service application. The "Hosted" version of the 
SourceAnywhere configuration management tool stores all reposito- 
ries in a Microsoft SQL Server-based library and supports 128-bit SSL 
encryption. The tool has plug-in IDE integration capabilities with 
Adobe's Dreamweaver, Eclipse and Microsoft's Visual Studio . . . Appli- 
mation, a provider of enterprise data management solutions for pack- 
aged applications, has added the Applimation Informia Secure data 
security tool to its Informia data 
management suite. The addition 
to the suite provides data masking 
algorithms that work with the Applimation EDM (Enterprise Data Man- 
ager) to identify and secure often-sensitive data fields in Oracle, Peo- 
pleSoft and Siebel applications . . . Enterprise application manage- 
ment solution provider Micro Focus has launched Micro Focus SOA 
Express, a tool for creating mainframe-based applications. SOA 
Express gives developers the ability to express mainframe-based busi- 
ness processes as Java EE or .NET objects, or as Web services. It also 
offers automatic service deployment to BEA's WebLogic, IBM's Web- 
Sphere, Microsoft's IIS (Internet Information Services) and Oracle's 
Application Server. . . Open-Xchange, a Tarrytown, N.Y.-based provider 
of SaaS applications, has announced Open-Xchange 
£J^^ Express Edition, a collaboration tool for small and medi- 

wjft r um-sized organizations. Open-Xchange Express Edition 
%JJ\ provides a self-contained installation, and offers an AJAX 
Web interface, support for shared calendars and tasks in 
Microsoft Outlook, and drag-and-drop capabilities. 
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UPGRADES 



ExtremePlanner Software, a provider of project planning tools for 
agile programming environments, has announced ExtremePlanner 
— "^^^, 3.1. The new version of the project plan- 
ner adds issue-tracking capabilities and 
the ability to manage customer requests and suggestions outside a 
bug-tracking system .... AccuSoft, a provider of imaging software 
development toolkits, has announced the latest version of its 
ImageGear .NET software development kit. The new version of the 
tool features support for Direct 3D 10, a component of Microsoft's Win- 
dows Vista-only DirectX 10 graphics platform, as well as .NET Web 
Forms support . . . Help system authoring tool provider Component- 
One has announced Doc-To-Help 2007 version 2, the company's sin- 
gle-source help authoring tool for creating HTML or Microsoft Office 
Word content and converting it to a variety of help file formats. The lat- 
est release includes a plug-in for Microsoft's Sandcastle, which gener- 
ates MSDN-formatted reference documents in XML from .NET source 
code and comment files. It also adds the ability to edit and manage 
commonly used text and a feature for defining content for reuse 
. . . Watchfire has released AppScan 7.6, the company's flagship Web 

continued on page 22 ► 



6 



NEWS 



Software Development Times . August 1 r 2007 . 



www.sdtimes.com 



IBM, Oracle Advance Database Platforms 



BY P.J. CONNOLLY 

Both IBM and Oracle have 
begun to beat the drums for the 
next releases of their database 
management platforms. Shortly 
after IBM opened a public beta 
of an updated version of the 



DB2 data server at the end of 
June, Oracle held a public 
launch of its Oracle Database 
llg, although the company 
remained imprecise about its 
final release. 

The July 11 launch in New 



York highlighted the Oracle 
Database update, first an- 
nounced at last Octobers Oracle 
OpenWorld. Database llg is 
expected to offer new developer- 
oriented features including 
client-side caching, a new just- 



in-time (JIT) Java compiler and 
native integration with Microsoft 
Visual Studio 2005. It also 
includes updates to its binary 
XML support that the company 
claims will improve application 
performance, and the speed of 
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file access and XML processing. 

Native PL/SQL compiling 
can be enabled in Oracle Data- 
base llg by setting just one 
parameter The company claims 
this can yield a performance 
improvement of up to 30 per- 
cent over noncompiled, "typical" 
application code. The company 
reports a similar improvement 
with the Java JIT features; the 
compiled Java code can be 
stored, eliminating the need to 
recompile stable code. 

Other new features in Oracle 
Database llg focus on data pro- 
tection and disaster recovery, as 
well as information life-cycle 
and storage management. When 
queried about general availabili- 
ty of the llg database platform, 
the best estimate that Oracle 
officials could muster amounted 
to "sometime this fall." 

IBM LOOKS TO SCALE 

Meanwhile, IBM has begun 
public testing of the next 
release of DB2, named "Viper 
2" in an attempt to capture 
some of the mojo from DB2 
release 9, which had been 
tagged "Viper" leading up to its 
launch in June 2006. 

Viper 2 is expected to contin- 
ue the company's focus on "pure 
XML," and the growing need 
companies have for a way to 
access unstructured XML data. 
But it also looks to make it easi- 
er for customers to cope with 
the growth in storage require- 
ments as companies retain ever- 
increasing amounts of data. 

For starters, Viper 2 offers a 
redesigned utility for database 
partition group redistribution 
that IBM says minimizes log- 
ging and improves the speed of 
data movement between data- 
base partitions in large-scale 
instances. 

IBM introduced row com- 
pression in the DB2 9 Viper 
release, but it required users to 
build a compression dictionary as 
a first step. Viper 2 enhances this 
feature by adding ADC (Auto- 
matic Dictionary Creation), for 
cases where data compression 
dictionaries do not already exist. 

Finally, Viper 2 implements 
the concepts of database roles, 
allowing users to model their 
database privilege regimes in 
ways that more closely match 
the organizational structure, 
while eliminating some of the 
gaps IBM has found in the use 
of group membership as a secu- 
rity paradigm. I 
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Can BPM and Supply Chain Go Mainstream? 



Microsoft contends BizTalk will change the economics of BPM 



BY DAVID WORTHINGTON 

Business process and supply 
chain management are often 
thought of as tools for big shops, 
with steep price tags that only 
the Fortune 1000 can tolerate. 
But Microsoft aims to democra- 
tize both spaces by reducing 
costs and building out a partner 
ecosystem based on its forth- 
coming BizTalk 2006 R2. 

Burley Kawasaki, director of 
Microsoft's Connected Systems 
Division, reiterated that point 
when he revealed in July that 
R2 would become generally 
available this September. 
Kawasaki said that Microsoft 
had "cracked the code" in terms 
of driving down costs. "Many 
companies cannot start BPM 
projects. Taking a mainstream 
approach makes it much more 
accessible to the average pro- 
gram manager." 

Kawasaki added that Micro- 
soft will give customers the 
option to purchase a SOA and 
Business Process Pack along- 
side Biz Talk 2006 R2 and will 
provide vertical industry- specif- 
ic supply chain solutions as part 
of the core platform. The pack 
combines Office SharePoint 
Server 2007, Visual Studio 
Team System and Microsoft 
SQL Server 2005 at a discount- 
ed rate. 

Biz Talk 2006 R2 has the 
ability to work with .NET 
Framework 3.0, to provide Web 
services integration that uses 
advanced features found in 
the Windows Communication 
Framework. 

ALL-IN-ONE APPROACH 

BizTalk Server 2006 R2 is cen- 
tral to Microsoft's RFID strate- 
gy, which places BizTalk in the 
middle of an integrated stack of 
RFID data, back-end systems 
and line-of-business applica- 
tions. Kawasaki claimed that 
Microsoft's all-in-one approach 
eliminates the extra costs that 
inhibit companies from deploy- 
ing connected supply chain 
solutions. 

Because events that affect 
business processes don't always 
happen at the home office, the 
new BizTalk Branch Edition 
will bring a hub-and-spoke 
approach to deployments. The 
Branch Edition provides a local 
BizTalk repository that relies on 
a central installation of BizTalk 
Enterprise Edition, and lacks 



the Enterprise Edition's devel- 
opment tools. The company 
will continue to offer the 
BizTalk Developer and Stan- 
dard editions as well. 



Kawasaki said that hub-and- 
spoke scenarios are typically 
not addressed by most integra- 
tion and SOA type infrastruc- 
tures. He predicted that new 



partner opportunities will fur- 
ther extend the product. 

Microsoft has also announced 
more general plans to provide 
technical guidance to cus- 



tomers that are embarking on 
BPM projects, and is forming 
an ecosystem of ISVs, channel 
development partners and 
systems integrators around its 
platform. A network of ISVs 
called the Business Process 
Alliance is extending the func- 
tionality of the Windows plat- 
form for BPM. I 
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SQL Server Still No. 1 in Databases 

BZ Research study finds that 
75 percent of enterprises use it 



BY ALAN ZEICHICK 

Microsoft SQL Server is still 
No. 1. According to the 2007 
Database and Data Access, Inte- 
gration and Reporting Study, 
completed by BZ Research in 
late June, 74.7 percent of enter- 
prises are using SQL Server. 
This is slightly lower than the 
76.4 percent reported in a com- 
parable July 2006 study, but it's 
still significantly higher than the 
other popular databases. 

BZ Research, like SD 
Times, is a subsidiary of BZ 
Media. This survey, conducted 
during the second half of June, 
was completed by 686 software 
development managers. 

The study showed that the 
other top databases, in terms of 
use, are Oracle (54.5 percent in 
2007, up from 51.3 percent in 
2006), Microsoft Access (54.4 
percent, down from 56.1 per- 
cent), MySQL (43.4 percent, up 
from 38.5 percent), IBM DB2 
(23.5 percent, up from 20.4 per- 
cent) and PostgreSQL (11.2 
percent, down from 11.6 per- 
cent). All other databases had 
less than 10 percent responses. 

One Microsoft user in this 
anonymous survey said, "SQL 
Server is much, much easier to 
use with ADO.NET than Oracle 
is at the moment. If Oracle ever 
addresses this, then we might be 
able to utilize Oracle more in 
the future." Another comment- 
ed, "Oracle is perceived as 
requiring a 'Priesthood' to pro- 
gram, configure and run. SQL 
Server is just another tool and is 
integrated with Visual Studio." A 
third said, "SQL Server is more 
than adequate for our needs, 
easy to administer, works well 
with Visual Studio and runs fine 
on an x86 server. It is our stan- 
dard for most in-house deploy- 
ments. A lot of our third-party 
vendors use it too." 

Not everyone, of course, 
uses SQL Server: "We're a 
major corporation and Oracle is 
a de facto standard for enter- 
prise computing (along with 
IBM DB2). Microsoft SQL 
Server, though we use it, is not 
industrial strength." Another 
added, "IBM is much easier to 
work with than Oracle in terms 
of tech support and sales." 

And sometimes it just 
depends: "We develop J2EE and 



.NET applications, SQL Server 
from Microsoft is everywhere in 
the small to mid customers, Ora- 
cle is in the large customers. 
When we sell applications we 
need to deploy apps that already 
mesh with existing databases." 
Another said, "MySQL has been 
started to test as alternative to 
Oracle." 

Sybase had its fans and crit- 
ics: "Sybase is still the de facto 
standard on Wall Street. It prac- 
tically runs itself allowing the 
DBA staff to take on 'other 
duties as assigned,'" said one 
respondent. Another said, "We 
wish Sybase added features as 
quickly as MySQL would, would 
extend T-SQL, and implement 
other features commonly found 
in other databases. Otherwise 
we'll probably leave it." 

Not all installed databases 
are used for new projects, but 
are retained as part of legacy 
systems. The 2007 study also 
asked which databases were 
used for the most recently com- 
pleted project. For this ques- 
tion, SQL Server was used by 
51.0 percent of projects, fol- 
lowed by Oracle at 37.1 percent, 
MySQL at 20.7 percent, Access 
at 14.9 percent, DB2 at 12.5 
percent and PostgreSQL at 4.2 
percent. All other databases had 
fewer than three responses. 

One respondent said, "Most 
[databases] are legacy, but new 
development is to be Oracle or 
SQL Server." 

CHOOSING FAMILIARITY 

When asked why they chose a 
specific database for their most 
recent project, nearly half of all 
respondents — 45.9 percent — 
said "familiarity with the data- 
base." The other top answers 
were "high availability or reliabil- 
ity features" (21.3 percent), 
"lowest development costs" (20.1 
percent), "lowest deployment 
costs" (18.6 percent), "covered 
under site license" (17.1 per- 
cent) and "requested by specific 
applications" (15.3 percent). 

The lowest responses to this 
question were "won competi- 
tive bidding" (1.9 percent) and 
"lowest memory footprint re- 
quirements" (3.1 percent). 

The full study, with verbatim 
responses, is available for pur- 
chase from BZ Research. I 
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Which interfaces do your company's developers use to integrate 
databases with applications? 
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Survey: Developers Targeting Windows Less Often 



BY DAVID WORTHINGTON 

Could a trickle of developers in 
Canada, Mexico and the Unit- 
ed States shifting away from 
Windows signal a coming tor- 
rent? Surveys published by 



Evans Data over the past two 
years have concluded that 
there is an accelerating trend of 
developers abandoning Win- 
dows clients as target plat- 
forms, and Evans forecasts that 



the trend will continue in favor 
of developing for embedded 
platforms and Linux. 

The latest numbers, pub- 
lished by Evans in its biannual 
North American Development 



Survey on July 3, indicate that 
development specifically for the 
Windows operating system has 
declined by 12 percent from one 
year ago, continuing a two-year 
slide. 
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Whether the same trend is 
occurring worldwide is un- 
known. Evans has not yet re- 
leased its latest updates for the 
Asia-Pacific and Europe-Middle 
East- Africa regions. 

In 2006, 74 percent of survey 
participants said that they were 
writing applications for some 
version of Windows. This year, 
that number fell to 64.8 percent 
from an equal sample, and 
Evans expects another 2 per- 
cent drop in the coming year. 

There is one bright side for 
Microsoft: Evans found that 
Windows use by developers 
themselves has remained steady. 

CHANGING LANDSCAPE 

The survey found that the num- 
ber of developers writing specif- 
ically for Linux had increased 34 
percent, from 8.8 percent of 
respondents a year ago to 11.8 
percent today. The data also 
shows that there was corre- 
sponding growth in develop- 
ment for embedded operating 
systems. "The landscape is 
changing," said John Andrews, 
president and CEO of Evans in 
a prepared statement. 

Evans did not divulge its 
methodology and other support- 
ive information except to say that 
the responses came from a pool 
of over 400 developers, from a 
variety of industries spread 
across development types. 

Microsoft declined to com- 
ment on the Evans survey. It is 
a client of Evans' and a member 
of its advisory board. 

Michael Cherry, an analyst 
with Directions on Microsoft, an 
independent organization of 
experts that tracks Microsoft, 
speculated, "It could well be 
that people are choosing Linux 
or another [platform] because 
they already have a strong Win- 
dows offering. 

"The key question you 
would have to see would [be]: 
'Why are you choosing this plat- 
form?' to make the data inter- 
esting," continued Cherry. 

Other findings from the sur- 
vey show that JavaScript is the 
most widely used scripting lan- 
guage, eclipsing PHP, Python 
and Ruby. However, Ruby 
usage is expected to increase by 
half over a year's time. 

Additionally, a third of North 
American developers are work- 
ing with virtualization, and its 
adoption is expected to increase 
by 42.5 percent within a year. I 
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WSDL 2.0 Now a W3C Recommendation 



BY DAVID WORTHINGTON 

Web Services Description Lan- 
guage 2.0 is now a World Wide 
Web Consortium (W3C) rec- 
ommendation. The specifica- 
tion describes Web services 
derived from XML, and is 
intended for use in combination 
with SOAP and XML schemas 
to compose Web services. 
WSDL tells client programs 
what functions are available on a 
server; applications use SOAP to 
call those functions. 

Much of the work in 
WSDL 2.0, finished in late 
June, was devoted to interop- 
erability. W3C held multiple 
interop and testing sessions, 
including weeklong program- 
ming marathons, to produce 
an interoperable standard. 

Moreover, WSDL 2.0 now 
works in both HTTP applica- 
tions and WS-* environments. 
Representational State Trans- 
fer, or REST, applications uti- 
lize HTTP methods to transmit 
domain-specific data without a 
SOAP messaging layer. The 
specification also includes 

VersionOne Ties 
Strategic Goals 
To Software 

BY DAVID RUBINSTEIN 

To meet the challenges of 
maturing, global agile develop- 
ment processes, VersionOne in 
mid-July released an update to 
its project management plat- 
form with more strategic prod- 
uct planning capabilities. 

According to company 
founder Robert Holler, "Agile 
has become a mainstream sce- 
nario." It is increasingly impor- 
tant, he said, for organizations 
to be able to define and align 
their goals and objectives with 
delivered features in software. 

The summer 2007 release of 
VersionOne has new function- 
ality that allows development 
managers to plan, track and get 
reports on team efforts and 
resource allocation. 

SURVEY SAYS... 

At the upcoming Agile 2007 
conference in Washington, 
D.C., VersionOne will release 
the results from a "State of 
Agile Development" survey 
conducted with the Agile Pro- 
ject Leadership Network, gaug- 
ing interest in agile practices. I 



improvements that were made 
for WSDL 1.1 in the WS-I 
Basic Profile. 

Version 1.1 was submitted to 
but not endorsed by the W3C; it 
was widely adopted by the indus- 
try nonetheless. The W3C Web 



Services Description Working 
Group began its preliminary 
work on WSDL 2.0 in 2002 and 
published four working drafts in 
the intervening years. 

Jonathan Marsh, co-chair of 
the W3C s Web Services Descrip- 



tion working group, claimed 
that WSDL 2.0 was well worth 
the wait for developers because 
of the addition of HTTP bind- 
ing, which provides access to a 
service when advanced features 
in the SOAP stack such as WS-* 



are not required. 

Numerous software vendors 
including Adobe Systems, CA, 
IBM, Sun Microsystems, Soft- 
ware AG's WebMethods sub- 
sidiary, and WS02 all intend to 
support WSDL 2.0. I 
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LEADT00LS 
Raster Imaging Pro 

by LEAD Technologies 

Raster Imaging Pro gives developers the tools 
to create powerful imaging applications. LEAD- 
TOOLS libraries extend the imaging support of 
the .NET framework by providing comprehen- 
sive support for image file formats (1 50+), 
200 image processing filters, compression, 
TWAIN scanning, high-speed image display, 
color conversion, screen capture, special effects 
and more. 
•. NET, API & C++ Class Library 

• New Web Forms Control 

• New Class Libraries for .NET 

• Royalty Free „ . 

programmers.com/lead 



dtSearch Web with Spider 

Quickly publish a large amount of data to a Web site 

• Dozens of full-text and fielded data search options. 
•Highlights hits in XML, HTML and PDF, while 

displaying links and images; converts other files 
("Office," ZIP, etc.) to HTML with highlighted hits. 

• Spider adds local or remote web sites (static and 
dynamic content) to searchable database 

• Optional API supports SQL, C++, Java, and all 
.NET languages. 

"Bottom line: dtSearch manages a terabyte of 
text in a single index and returns results in 
less than a second. " — InfoWorld 
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Download dtSearch Desktop with 
Spider for immediate evaluation 



Single Server 
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Vorld D29072P 

$ 873." 

programmers.com/dtsearch 
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DevTrack 

Powerful Defect and Project Tracking 
by TechExcel 

TechExcel DevTrack is the most powerful, 
affordable and easy-to-use defect and project 
tracking tool for development organizations. 
You'll dramatically transform your development 
processes, save significant time and resources, 
and deliver quality products on-time and 
on-budget. 

• Distributed team support 

• Sophisticated workflow engine 

• Built-in indexed search engine 

• Point-and-click administration 

• Fully configurable user interface 

programmers.com/techexcel \ 

/n software Red Carpet 
Subscriptions 

by /n software 

/n software Red Carpet™ Subscriptions give 
you everything in one package: communica- 
tions components for every major Internet 
protocol, SSL and SSH security, S/MIME 
encryption, Digital Certificates, Credit Card 
Processing, ZIP compression, Instant 
Messaging, and even e-business (EDI) 
transactions. .NET, Java, COM, C++, Delphi, 
everything is included, together with per 
developer licensing, free quarterly update CDs 
and free upgrades during the subscription term. 



c-tree Plus® 

by FairCom 

With unparalleled performance and sophistication, 
c-tree Plus gives developers absolute control over 
their data management needs. Commercial 
developers use c-tree Plus for a wide 
variety of embedded, vertical market, 
and enterprise-wide database applications. 
Use any one or a combination of our flexible 
APIs including low-level and ISAM C APIs, simplified 
C and C++ database APIs, SQL, ODBC, or JDBC. 
c-tree Plus can be used to develop single-user and 
multi-user non-server applications or client-side 
application for FairCom's robust database server 
— the c-treeSQL™ Server. Windows to Mac to 
Unix all in one package. 
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F010131 

$ 711." 

programmers.com/faircom 
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Adobe FlexBuilder 2 

by Adobe 

Adobe® FlexBuilder™ 2 software is a rich 
Internet application framework based on 
Adobe Flash® that will enable you to 
productively create beautiful, scalable 
applications that can reach virtually anyone 
on any platform. It includes a powerful, 
Eclipse™ based development tool, an 
extensive visual component library, and 
high-performance data services enabling 
you to meet your applications' most 
demanding needs. 



Paradise # 
A14137P 
99 



$ 476. 



programmers.com/adobe 



Telerik RadControls 

by Telerik 

Add grid, combo, editing, navigation and charting 

functionality to your AJAX and ASP.NET projects. 

RadControls for ASP.NET enhances your Web 

applications by adding AJAX functionality to your 

ASP.NET projects. The suite takes full advantage 

of the features included in Visual Studio 2005. 

RadControls for ASP.NET helps developers deliver 

feature-rich, standards-compliant (WAI-A, WCAG 

1.0, XHTML 1.1) and cross-browser compatible 

Web applications, while significantly cutting 

their development time. RadControls for ASP.NET 

includes: RadEditor, RadTabstrip, Radlnput, 

RadCalendar, RadUpload, RadWindow, RadAjax, 

RadGrid, RadCombobox, RadMenu, RadSpell, 

RadChart, RadTreeview and more. „„„„„„„„, „_ / fa | ar ;L 

programmers.com/telerik 

Intel® Cluster Toolkit 

by Intel® 

Create applications for Intel® processor- 
based cluster systems with performance- 
enhancing tools that include perform- 
ance libraries, performance analyzers, 
and benchmark tests — integrated into 
one easy-to-install software bundle. 
Intel® Cluster Toolkit 3.0 for Linux 
adds more than 20 new features to the 
core libraries and tools to efficiently 
develop, optimize, run, and distribute 

parallel applications on clusters with Paradise # 

Intel processors. 123 31 101A01 

$ 713." 

programmers.com/intel 
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VMware® Infrastructure 3 

The most widely deployed software suite for 
optimizing and managing industry standard IT 
environments through virtualization — from the 
desktop to the data center. The only production- 
ready virtualization software suite, VMware 
Infrastructure is proven to deliver results at 
more than 20,000 customers of all sizes, used 
in a variety of environments and applications. 
The suite is fully optimized, rigorously tested 
and certified for the widest range of hardware, 
operating systems and software applications. 
VMware Infrastructure provides built-in management, 
resource optimization, application availability and 
operational automation capabilities, delivering 
transformative cost savings and increased operational 
efficiency, flexibility and service levels. 
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2 Processors 
Paradise # 
V55071H 

$ 888." 

programmers.com/vmware 



TX Text Control 13 



TX Text Control is royalty-free, robust and 
powerful word processing software in reusable 
component form. 

•. NET WinForms control for VB.NET and C# 

• ActiveX for VB6, Delphi, VBScript/HTML, ASP 
•File formats RTF, DOC, HTML, XML, TXT 

• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text frames, 
bullets, numbered lists, multiple undo/redo 

• Ready-to-use toolbars and dialog boxes 




Professional Edition 
Paradise # 
T79023W 

$ 669." 
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SlickEdit® 2007 

by SlickEdit Inc. 

SlickEdit® is the code editor that delivers 
unparalleled speed, power, and flexibility. 

Type fewer characters, and make fewer errors using 
syntax expansion, completions, aliases, and code 
templates. Create and manage large workspaces and 
projects. Diff files, test regular expressions, do builds, 
and interact with version control. 

Configure SlickEdit to match your coding style. 
Choose from 1 3 editor emulations, customize menus, 
toolbars, key bindings, and mouse operations. 

Code in over 40 languages on 8 platforms. SlickEdit 
works with Windows Vista and supports Solans x86. 




for Windows 
Paradise # 
M3902BA 

$ 254." 



InstallShield 2008 

by Macrovision Corporation 

With its award-winning technology deployed 
on more than 500 million PCs globally, 
InstallShield® is the industry standard for 
authoring high-quality Windows Installer and 
InstallScript installations — ensuring that 
software applications are correctly installed, 
configured, updated and eventually unin- 
stalled on Windows®-based desktops. 
InstallShield lets software producers keep 
customer satisfaction high and support 
costs low. 
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$ 1,689." 
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Writing countless custom 

applications to access ALL your data? 

Only 1 tool is needed, /^cSnRk< 
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Without CONNX, you are required to write a custom application to access legacy 
and/or relational data, which is . . . 

► Limited to only that application. 

► Dependent on the creation of custom reports in order for the data to be 
accessible to the end user. 

► Costly and time consuming to write and maintain. 



With CONNX 




CONNX... 



► Uses a single metadata model that spans virtually all your legacy and relational 
enterprise data sources. 

► Offers SQL access to all your legacy and relational data sources via ODBC, 
OLE DB, JDBC and .NET. 

► Includes InfoNaut, a desktop/query reporting tool, allowing the end user to 
instantly view data and create their own reports, increasing IT productivity. 

► Can be used with virtually any tool that is compatible with the APIs listed above. 



CONNX is... 



!► REALTIME 

Access data directly from transaction databases and multiple disparate databases 
while preserving data integrity. 

► ROBUST 

CONNX takes advantage of resources on both the backend host and the 
middleware server or client PC. 

► SCALABLE 

The CONNX distributed SQL engine design enables unmatched performance 
from the single project to enterprise initiatives. 

► SECURE 

CONNX respects all existing database security and provides additional user 

group, row, field, table and database security. 
!► A MONEY AND TIME SAVER 

CONNX significantly reduces the time required to generate ad hoc reports. 

Clients report saving as much as $10,000 per report per month. 
fe> EASY TO INSTALL AND FAST TO LEARN 

Installation and use of CONNX is made easy through the user-friendly CONNX 

Data Dictionary GUI and the InfoNaut SQL Query Builder. 

The full CONNX Solutions product line will empower you with data access, data integration, 
ad hoc reporting, web enablement and change data capture tools. 

To see CONNX in action, take a test drive at www.connx.com/action. 

To find out more about CONNX, call 888.88CONNX or e-mail sales@connx.com. 
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The iProcess Workspace provides an access-controlled Web-based interface for all participants. 

TIBCO Finely Threads 
Processing and Services 



BY DAVID WORTHINGTON 

TIBCO Software's efforts to align 
its BPM and SOA initiatives have 
advanced, from May, when it 
announced the TIBCO One project, 
a strategy combining SOA design 
principles with business process man- 
agement (BPM) and event-driven archi- 
tecture (EDA). 

iProcess Suite 10.6, announced at 
the beginning of July, is one of the first 
fruits of Project One. The new tools 
were designed to offer fine-grained 
integration between TIBCO's BPM 
and SOA layers, while improving the 
user experience. 

Also featured in the release are role- 
based usability enhancements, and 
more granular process-monitoring 
capabilities. iProcess 10.6 adds support 
for IBM DB2 9.1, Microsoft Windows 
Server 2003 and Red Hat Linux 4.0. 

Jeff Kristick, TIBCO's vice presi- 
dent of marketing, explained that 
tighter integration between iProcess 
and BusinessWorks— TIBCO's SOA 
layer — adds the ability to query for 
details such as transaction case num- 
bers and to make audit-trail entries. 

At the same time, he noted, it allows 
the grafting of subprocedures and 
steps to a BPM process, through the 
SOA layer. iProcess 10.6 integrates ser- 
vices in a business process and enables 
more fine-grained services, in a build- 
ing-block fashion. 

On the other side of the coin, it is 
now easier for a service to invoke a 
business process at a granular level, 
claimed Kristick. 



Version 10.6 provides a more 
nuanced view of subprocesses for users, 
who are now able to monitor sub- 
processes as events are published, 
through the steps of a parent process. 
For example, a credit-check component 
might be reused from a new account 
openings process in another process, 
while retaining the context of the parent. 

ELIMINATES THE MIDDLEMAN 

Integration with the TIBCO Business 
Studio process modeling and design 
environment makes it possible for 
users to directly deploy processes into 
iProcess, without requiring an inter- 
mediary environment. Kristick noted 
that TIBCO iProcess Modeler is being 
retired and replaced by Business 
Studio. 

The release also introduces iProcess 
Workspace, a unified browser- 
based portal that packages work items 
and item status into dashboards for 
process designers and participants. 
Workspace controls are added to a spe- 
cific user type based upon the role 
of the user. User profiling and analysis 
determine the role-based usability 
enhancements that are included in 
iProcess. 

Additionally, Kristick noted that 
scalability has been upgraded, to mon- 
itor a broad range and quantity of busi- 
ness processes. 

Improved in-memory caching 
permits work items to be assigned 
to individual users, and dynamic caching 
raises the product's overall per- 
formance. I 
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VMware Turns Its Attention to Test Integration 



BY P.J. CONNOLLY 

Testing integration is the focus 
of an update to VMware s Lab 
Manager automation system 
that also added new operating 
system support and storage 
options, and introduces updates 
to management tools designed 
to simplify image deployment. 

The EMC subsidiary an- 
nounced that as part of the Lab 
Manager 2.5 release on July 9, 
two partners have stepped up to 
support the integration of third- 
party test automation suites. 
Borland Software will release an 
update to its SilkCentral tools, 
while Genilogix will unveil the 
beta of a plug-in that adds inte- 
gration with HP Quality Center. 
In both cases, the aim is to allow 
testers to check out complete 
virtual test environments with- 
out leaving their test tools. The 
company already offers a plug-in 
for IBM's Rational tool set. 

VMware also announced that 
it was making available for 
download a free ROI calculator 
to help users quantify savings 
achieved with virtualization. 
James Phillips, VMware s senior 



director of virtual software life- 
cycle automation solutions, 
explained, "We've been able to 
work with a lot of customers 
across regions and industries, 
both to help them and to 
observe how they're measuring" 
the value and success of their 
Lab Manager implementations. 
Phillips was previously the 
founder and CEO of Akimbi, 
which developed the technolo- 
gy behind Lab Manager before 
being acquired by VMware in 
2006. The first VM ware-brand- 



ed version, 2.4, shipped Dec. 
22, 2006. 

VMware Lab Manager 2.5 
now allows customers to use 
iSCSI and NFS devices for the 
storage of their libraries of virtu- 
al machines, joining Fibre Chan- 
nel SANs that were the only 
option in the earlier release. 
NFS storage could be used in 
that release, but with limitations. 

Operating system support 
has also been expanded in Lab 
Manager 2.5; 64-bit guest oper- 
ating systems now work with 



this version, and Solaris 10 x86 
virtual machines are supported 
through the built-in tools. 
Guests running Windows Vista 
Ultimate are also supported, 
but for now that functionality is 
still experimental, according to 
VMware. Lab Manager now 
supports virtual machines in 
SMP configurations, for greater 
scalability. 

The Lab Manager tools 
themselves have also been 
updated, adding the ability to 
access the Lab Manager console 



with the Mozilla Firefox brows- 
er, DHCP-based address alloca- 
tion, e-mail notification, LDAP 
group restrictions on Lab Man- 
ager access, and new delete and 
"undeploy" options, with auto- 
mated server pool cleanup. 

New storage maintenance 
tools allow access at the virtual 
machine level, to measure 
recoverable disk space with 
graphical and tabular views. 
Other enhancements include 
usability improvements and 
Japanese language support. I 



SURGIENT TAKES LAB MANAGEMENT FORWARD 



BY P.J. CONNOLLY 

One might be forgiven for be- 
lieving that virtualization below 
the mainframe level begins and 
ends with VMware, but that's 
simply not the case. Surgient 
expects to release version 5.3 of 
its tools for managing virtualized 
systems in August, with support 
for both VMware ESX Server 3 
and for Microsoft Virtual Server 
2005 R2 SP1. 

Surgient's management tools 



focus on the different ways peo- 
ple use virtualized systems out- 
side of the data center. VQMS — 
the company's Virtual QA/Test 
Lab Management System — pro- 
vides centralized control for de- 
velopment and test infrastruc- 
ture, while the VTMS Virtual 
Training Lab Management Sys- 
tem focuses on the requirements 
of hands-on lab environments for 
both classroom and online set- 
tings. Demonstration and evalua- 



tion setups are the province of 
VDMS, the Virtual Demo Lab 
Management System. 

All three are being updated 
in version 5.3 with improve- 
ments to management, network- 
ing and reporting features. The 
new NAIL — as in network 
abstraction and isolation layer — 
Server permits complex net- 
working of guest images without 
a management agent, while the 
updated firewall traversal and 



remote access features are 
designed to allow for the cen- 
tralization of lab hardware while 
maintaining global availability. 

Management and reporting 
improvements include updated 
calendaring and resource reser- 
vation features and customized 
information extraction for the 
support of other business intel- 
ligence tools. 

Surgient also announced in 
late June that Hewlett-Packard 
had begun to resell VQMS, as 
an integrated component of its 
own Quality Center tool set. I 
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But you still have access to all things Agile 
from the leader in Agile adoption. 
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BEA Bitten by Social Bug 



BY DAVID WORTHINGTON 

What happens when a new gen- 
eration of workers is full of dig- 
ital natives? Tech-sawy em- 
ployees demand to be able to 
do the same kind of social com- 
puting in the workplace that 
they do outside the office, and 
IT has the choice of dealing 
with insecure consumer-grade 
tools or finding a better way. 

BEA Systems has extended 
its AquaLogic product line with 
three new products embracing 
social computing in a governed 
context that IT can trust and 
control: AquaLogic Ensemble, 
AquaLogic Pages and Aqua- 
Logic Pathways, which became 
generally available on July 16. 

AquaLogic Ensemble is 
mashup infrastructure software 
designed to support two dis- 
tinct groups: developers and IT 
managers. It creates and man- 
ages enterprise mashup appli- 
cations that are independent of 
the development environment 
and hosting environment. 

Jay Simons, BEAs senior 
director of business interaction 
product marketing, claimed 



that Ensembles value proposi- 
tion for IT managers is that it 
acts as a transparent proxy for 
existing Web applications, pro- 
viding perimeter security, sin- 
gle sign-on and usage analytics. 
External and internal Web 
applications are registered as a 
resource; Ensemble then layers 
security and the provisioning 
system over the applications. 

Developers can register a UI 
service, widget or other pro- 
grammable element for reuse by 
fellow developers in their 
mashups. Instead of 50 develop- 
ers learning the Google Maps 
API, Simons explained, a single 
developer can create a mapping 
widget and register it with 
Ensemble. Other developers, 
working in any language or plat- 
form, call the widget by insert- 
ing an XML tag inside of their 
code, and the resource is served 
up to the end user at runtime. 

AquaLogic Pages allows par- 
ticipants to pull enterprise data 
to a Web page and build collab- 
orative Web applications. Data 
is exposed from within RSS, 
as well as SOAP and REST 



Web services. Simons 
described Pages as an 
application wiki; users 
drag and drop compo- 
nents to add into 
pages, and enter addi- 
tional information as 
needed. 

Information can 
reside in many places, 
and experts are associ- 
ated with each slice of 
the knowledge pie. 
AquaLogic Pathways 
is a collaborative information 
discovery and expert identifica- 
tion tool that helps users discov- 
er and share information and 
expertise through a social book- 
marking system. 

This produces a "folksonomy" 
of user-defined tags that may 
veer from the standard corporate 
lexicon, while being idiomatically 
useful. Simons explained that 
information should be labeled in 
a way that is meaningful to 
groups — what makes sense to 
sales may not make sense to mar- 
keting. Pathways creates views 
based on how collections are 
viewed and how others tag con- 




Pathways' tags are ranked on activity and identify people associated with the content. 



tent. People can be associated 
with the content they create, an 
increasingly important require- 
ment in this age of governance. 
The search algorithm is similar to 
Google PageRank, except that 
search relevance is ranked on 
usage and activity. 

Social communities have a 
role in the enterprise, says one 
analyst. "Web 2.0 is not just for 
teenagers or Internet addicts," 
said Gene Phifer, vice president 
and distinguished analyst at 
Gartner. "Software vendors are 
building very serious, global- 
class business applications that 
provide significant value to an 



organization in terms of worker 
productivity and increased 
business efficiency, and enter- 
prises should consider deploy- 
ing these new technologies. . .to 
complement their existing IT 
investments." 

BEAs Levy believes that the 
key to an agile infrastructure is 
tailoring IT to human behavior. 
He added that social computing 
provides the contextual under- 
standing necessary to make 
SOA initiatives work. 

He emphasized reuse in the 
form of components. "Without 
reuse, all you get are siloed appli- 
cations in a repository," he said. I 
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PUNPA& PATA VISUALIZATION 



What defines a leader and an innovator? 
Cutting-edge technology, of course. Strate- 
gic vision. Empathy with customers. Dun- 
das Data Visualization, recognized for 
excellence in the 2007 SD Times 100, 
has plenty of technology, vision and 
empathy. But there's another factor that 
defines a leading company in the soft- 
ware industry: talent. 
"We spend a lot of time and effort to 
hire the finest talent available. This means 
Dundas can offer the best-designed prod- 
ucts, with the best pre- and post-sale techni- 
m^ cal support available in the industry," ex- 

^f plains Troy Marchand, president, Dundas Data 

ml Visualization. "It's serious business around the 

W office to make sure that all our customers are taken 
care of at every point of contact, and that we constant- 
ly exceed their expectations." 

Over the past year, that talent has created many best- 
of-breed products, including the new Dundas Chart for 
SharePoint 2007 and an entire product line for SQL Serv- 
er Reporting Services, says Marchand. "We were the first 
to market and have established and maintained market 
leadership. We often see other software companies release 
similar products months or even years after we do, which 
reinforces our position as leaders in the market." 
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Dundas Chart for SharePoint 2007 
demonstrates the power of talent, as the 
company swiftly built a solid solution to target the plat- 
form, without many development tools or supporting ma- 
terials to facilitate the creation of components. "Because 
we saw many opportunities with SharePoint 2007, we 
pressed on through the challenges and came up with a 
fantastic product," says Marchand. "Our design includes 
many custom interfaces that make the process of design- 
ing charts and binding them to data within the SharePoint 
environment user friendly." 

The big winners are the company's customers: Devel- 
opment teams who want the most attractive, easy-to-use, 
feature-filled products choose data visualization compo- 
nents from Dundas. "With full evaluations offered-that 
don't time out— clients get a chance to fully test our tech- 
nology before spending a cent," explains Marchand. "Not 
only do we provide comprehensive documentation and 
sample frameworks, but we also offer free pre-sales tech- 
nical support, whenever possible, to ensure that all ques- 
tions are addressed before purchasing." 

The knockout punch is the assurance that Fortune 
500 companies across the globe rely on Dundas Data 
Visualization technology 
for their enterprise-level 
projects. Learn more at 
www.dundas.com. 
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App Security Gets 
Caught in a Hailstorm 

Cenzic platform adds dashboard view of security tools 




BY JEFF FEINMAN 

As the landscape of the appli- 
cation security market changes 
significantly with the recent 
acquisitions of two of Cenzic's 
major competitors, the Santa 
Clara-based Web app security 
provider is looking to devour 
a larger piece of the pie. 

The company was expected 
to release version 5.0 of 
Cenzic Hailstorm ARC (Appli- 
cation Risk Controller), the 
company's risk management 
platform for app security, in 
mid-July 

This version offers a dash- 
board view of Cenzic's applica- 
tion security tools, along with 
the ability to work with third- 
party tools including Hewlett- 
Packard's SPI Dynamics and 
IBM's Watchfire lines. Hail- 
storm 5.0 can import applica- 
tion name and assessment 
results, and includes a reference 



specification for importing man- 
ual penetration test results. 
Hailstorm ARC 5.0 also pro- 
vides integration framework 
capabilities with tools from Bor- 
land, Bugzilla, Fortify, HP and 
Ounce Labs. 

Enhanced messaging log 
features in the update can show 
the history of an application, 
storing information about each 
time an application is tested. 

HOLISTIC LOOK 

"We've taken more of [a] risk 
management approach, versus 
having a small penetration test- 
ing tool trying to find some- 
thing," said Mandeep Khera, 
vice president of marketing for 
Cenzic. "This looks at the holis- 
tic view of your entire enter- 
prise; how many apps there 
are, if they're secure or not, 
and where all the different 
results are coming from." 



John Weinschenk, CEO 
of Cenzic, said that with 
HP's acquisition of SPI 
Dynamics and IBM's 
acquisition of Watchfire, 
Cenzic has an opportunity 
to grow in the market. He 
believes that one of the 
consequences of these 
acquisitions is that securi- 
ty providers such as CA, 
McAfee and Symantec 
will get into the applica- 
tion security space. 

Weinschenk explained, 
"[HP and IBM are] both 
focused on putting app 
security in the develop- 
ment-level testing, and I think 
that really misses the whole val- 
ue of testing, which is testing 
the production applications. I 
think there are going to be 
huge holes left for that. I think 
we're one of the companies 
that can fill those holes." 



n*ihb-jAiu 



V ,r- fc 



ilJfl 




■in ninii ii 



□ rm I 4rtiHiti 



.ii.i.- , 



Hailstorm ARC'S new dashboard view offers a security summary in addition to 
application status information. 



When asked if he would 
consider an offer for an acqui- 
sition, Weinschenk said that if 
the right deal came along, he 
would certainly take it. 

"I think our stance is that 
we're very happy growing our 
business as we continue to 



take more market share in the 
space. Obviously, if someone 
came to the table and it made 
business sense for our cus- 
tomers and shareholders, then 
we'd do it, and if it doesn't, we 
won't. There's no rush, from 
our viewpoint." I 
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Software testing is an ever-advancing, 
always-innovative practice, and that's 
nowhere as apparent as in testing service- 
oriented architecture services and appli- 
cations. At the forefront of S0A testing 
is iTKO, makers of the LISA S0A Test- 
ing Framework. iTKO is a winner of the 
2007 SD Times 100, the newspaper's an- 
nual listing of leaders and innovators in 
F the field of software development. 

iTKO has a keen devotion to helping 
each customer deliver high-quality soft- 
ware, especially in the new S0A world-and 
m ^fc^ that's where the company sees its customers 

^f going. As Jason English, vice president of 

mf iTKO, explains, "A strong S0A strategy must be 

^ in place if the enterprise is to trust these highly hetero- 
geneous, distributed systems." 

LISA provides the complete, collaborative and contin- 
uous testing needed to effectively achieve S0A life-cy- 
cle quality governance. As a single application suite de- 
veloped from the ground up for S0A, LISA can test com- 
ponents at every technology layer— including Web, Web 
services, Java, .NET, EJB, ESB/Messaging and database, 
at every phase of design, development and deployment. 
According to English, LISA provides no-code ease of use 
that lets whole teams of developers, QA professionals 
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and business analysts own quality by con- 
tinuously testing and validating these sys- 
tems as they're developed and deployed. 

When it comes to innovation, iTKO (www.itko.com) 
leads the market, releasing one of the first no-code dy- 
namic testing solutions available today. "Automating 
testing as a continuous process-enduring over the life- 
cycle of SOA-is an evolutionary change from the idea 
of procedural unit testing of code, or acceptance testing 
of the user interface," explains English. "By adding con- 
tinuous regression testing and continuous verification 
testing to LISA, we marked the advent of life-cycle qual- 
ity as a key aspect of SOA governance." This break- 
through validates and ensures the success of manage- 
ment and policy practices for SOA. 

iTKO's mission is to enable everyone to own business 
software quality— and they don't just talk the talk. "We 
walk a mile in our customers' shoes to make quality 
happen," says English. "Everyone at iTKO, from man- 
agement to consulting, development and support, has 
years of experience in solving complex integration 
problems." Call iTKO to put their SOA testing expertise 
to work for your organization today. 
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Backbase Dials AJAX In to iPhones 



BY JEFF FEINMAN 

In an attempt to jump on the 
"Jesus phone" bandwagon, 
Backbase, which calls itself "the 
AJAX company," has announced 
that its software suite will sup- 
port Apple s iPhone. 



This simply means that 
Backbase's products now work 
with Safari 3.0, the built-in 
browser of the iPhone. Back- 
base officials also said the com- 
pany plans to create widgets and 
components designed specifi- 



cally for iPhone, although Apple 
does not appear to have any 
plans to support third-party 
content on the device itself. 

Michel Gerin, vice president 
of marketing for Backbase, 
explained that the company has 



been getting a lot of requests 
to support mobile phones. 
Though Gerin said that Back- 
base had met with Apple about 
supplying the AJAX capabilities 
for iPhones, Apple has made no 
official mention of Backbase in 
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regard to application develop- 
ment for the handset. 

Instead, Apple officials have 
spoken in generic terms, noting 
that developers can write Web 
applications with AJAX, which 
the phone consumes as it 
would other Web content. 

"Developers and users alike 
are going to be very surprised 
and pleased at how great these 
applications look and work on 
iPhone," said Apple CEO Steve 
Jobs at Apple's Worldwide 
Developers Conference in 
mid- June. "Our innovative 
approach, using Web 2.0-based 
standards, lets developers cre- 
ate amazing new applications 
while keeping the iPhone 
secure and reliable." I 

Telelogic Unveils 
Its Latest Change 

BY JEFF FEINMAN 

Even with the company's pur- 
chase by IBM looming, Tele- 
logic isn't standing still, 
announcing in late June version 
4.7 of Telelogic Change, the 
company's change management 
solution. 

New features of Telelogic 
Change 4.7 include improved 
quality assurance traits, with 
data collection and reporting 
capabilities identifying defects 
and predicting how they will 
impact cost. The tool has also 
been integrated with other 
Telelogic products, including 
the Focal Point product and 
portfolio management tool, and 
the DOORS Fastrak require- 
ments management tool. Com- 
pany officials claim these inte- 
grations improve collaboration 
and allow large numbers of 
change requests. 

Telelogic Change 4.7 sup- 
ports the Capability Maturity 
Model for process improve- 
ment, which ranks organiza- 
tions according to the standard- 
ization of processes in areas 
including software engineering, 
systems engineering and pro- 
ject management. It also can 
work with the ISO 9000 family 
of quality management stan- 
dards. 

"With the latest version of 
Change, Telelogic provides an 
integrated change process and 
workflow that supports even 
the most rigorous process ini- 
tiatives and governance rules," 
said Jesper Christiansen, vice 
president of change and config- 
uration management products 
for Telelogic. I 
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TIBCO Spotfire DXP 2.0 Does the Mash 

Leverages Web 2.0 capabilities to make business analytics more interactive 



BY DAVID WORTHINGTON 

Static reports may soon be- 
come a thing of the past, 
thanks to the evolution of 
business intelligence tools. 
The Web 2.0 era has advanced 
collaboration and information 
sharing to a degree that 
was unfathomable just a few 
years ago. 

TIBCO Software's recently 
acquired Spotfire division is 
the latest to embrace the Web 
2.0 paradigm, with Spotfire 
DXP 2.0, an enterprise analyt- 
ics platform that allows users 
to broadcast and share data 
across the enterprise. Comple- 
mentary interactive reporting 
and integration capabilities 
were also added to the DXP 
update, which was released in 
mid-July. 

The Spotfire DXP Web 
Player is an AJAX Web client 
that allows users to view and 
navigate configured analysis 
workflows, filter and mark 
records interactively, and see 
visualizations and dashboards 
update dynamically. It can 
operate from a Web browser 
or as a component embedded 
in a corporate portal. 

Spotfire DXP Web Player 
interactive reports are auto- 
matically generated when 
business users save analyses to 
the Spotfire Analytics Library. 
Shared analysis templates can 
be used to keep all users up to 
date with changing data. 

BEYOND TRADITIONAL Bl 

According to Spotfire division 
executive vice president 
Christopher Ahlberg, the real- 
time analytics that Spotfire 
DXP provides greatly benefit 
the productivity of business 
users. 

A software development kit 
enables developers to extend 
the Spotfire platform with 
compiled extensions that 
appear to end users as part of 
the core product. A client and 
server API supports business 
process integrations, including 
mash-ups, and custom applica- 
tion development. The SDK 
provides assemblies to com- 
pile and debug custom exten- 
sions in Microsoft Visual Stu- 
dio 2005 and example code 
written in C#. 

"For many organizations, 
traditional BI falls short 
because it just can't reach 



enough data and it isn't user- at more data and giving it services firm Nucleus Re- rapidly find actionable in- 
friendly enough. to end users in a highly in- search, wrote in a prepared formation in their data, seize 
TIBCO Spotfire DXP's teractive and visually intuitive statement. opportunities, and achieve com - 
enterprise analytics goes be- format," David O'Connell, "This means that line-of- petitive advantage," O'Con- 
yond traditional BI by getting senior analyst at research business managers can more nell added. I 
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MORE UPGRADES 



< continued from page 5 

application vulnerability assessment tool, and AppScan OnDemand, 
a new hosted version of the tool. Watchfire, which agreed in June to 
be purchased by IBM, claims that the OnDemand service is ideal for 
companies with little application security expertise or those purchas- 
ing third-party software . . . ICEsoft, a provider of enterprise AJAX 
solutions, has announced ICEfaces 1.6, the company's flagship AJAX 
development environment. The new version integrates with JBoss 
Seam 1.2.1 for the creation of Web 2.0 applications. Other new fea- 
tures include support for JSF 1.2 and a new panel component 
pjy . . . Developer Express, a company that 

creates Windows application development 
tools, has made available DXperience 2007, which includes Windows 
and ASP.NET components, IDE productivity tools and reporting solu- 
tions for Visual Studio. This version introduces a grid control, ASPx- 
GridView Suite, which allows developers to create Web forms 
. . . Integration and SOA testing tools provider Solstice Software has 
released version 6.0 of Solstice Integra Suite, which consists of test 
automation tools and SOA implementation capabilities. The newest 
version can work with any Java EE/J2EE-compliant application serv- 
er, including IBM's WebSphere and Red Hat's JBoss, and can create 
SOAP messages that conform to specific security policies . . . Visual 
Mining has released version 5.1 of NetCharts Reporting Suite, a col- 
lection of corporate performance management tools. The analytics 
and reporting company has added the ability to designate the maxi- 
mum number of rows of data to display in an HTML table, and auto- 
matic AJAX-driven updates of menu content . . . Virtual infrastruc- 
ture management technology provider VMLogix has announced the 
latest version of its flagship product, VMLogix 
LabManager 3.0. The newest version of the 
product offers integration with VMware's ESX 
Server, and Microsoft's Virtual Server 2005 along with partnerships 
with IBM, Novell, Red Hat and Sun Microsystems . . . Atlassian, a 
provider of enterprise collaboration software, has announced version 
1.2 of Bamboo, the company's continuous integration server. Bamboo 
1.2 includes new features such as external database support and the 
ability to build individual security plans on the Bamboo system 
. . . Business process integration and messaging infrastructure tech- 
nology distributor Fiorano Software has released Fiorano SOA 2007 
SP2, the company's SOA platform for distributing applications. Fio- 
rano SOA 2007 SP2 features a layered repository for easier upgrades 
to enterprise server data, enhanced document tracking on error 
ports, and adapter enhancements including support for Java Mes- 
sage Service TTL properties. 
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HULSMANN 



James Hulsmann joins BZ Media as its new Web 
developer. Hulsmann previously served as an inde- 
pendent software consultant for his own company, 
Neo Genesis Consulting, based out of Miller Place, N.Y. 
. . . Enea, a provider of network software and ser- 
vices, has appointed Jim Lawrence as chief software 
standards officer, putting him in charge of standards- 
based software platforms. Lawrence has been involved in creating 
telecom technologies for more than 25 years, serving in various roles 
for Intel, Motorola and OpenClovis . . . Sergey Kalinichenko was 
announced as the winner of the software component design track of 
the 2007 TopCoder Open, sponsored by AOL. Kalinichenko, who lives 
in San Francisco, took the US$25,000 first-place prize for his designs 
that included a tool for database structure conversion and a generic 
application service processor. This year's competition, which took 
place at the Mirage Hotel in Las Vegas, brought together 77 finalists 
out of 4,600 registrants to compete in computing science disciplines. 
. . . Rally Software has named Evan Campbell to the new position of 
VP of professional services. Campbell, a 15-year industry veteran, has 
been responsible for turning development organizations to agile 
methods, from the team level on up. He is a Certified Scrum Master 
and a Certified Information Systems Auditor. I 



Zend and the Art of PHP 
In the Enterprise World 



BY ALEX HANDY 

While PHP development in 
enterprises has grown over the 
past few years, the languages 
originators have sought ways to 
make it more compatible with 
corporate development process- 
es. To that end, Zend Technolo- 
gies in early July released the 
first full version of its namesake 
framework, which the company 
hopes will speed development, 
while making it easier to adhere 
to best practices when building 
PHP applications. 

According to company co- 
founder and co-CTO Andi Gut- 
mans, Zend Framework 1.0 is 
built for easy adoption and 
development in the corporate 
world. 

Gutmans was one of the cre- 
ators of PHP back in the 1990s, 
and for the past year, he's been 
working with the Zend team on 
building this new framework. "I 
think it's definitely a huge pro- 
ductivity enhancer," said Gut- 
mans, pointing to the modulari- 
ty and reusability of the code 
inside the framework as a moti- 
vator for enterprise uptake. 
"Key to the framework is the 
testing methodology we use. 
The best practices haven't been 
as visible in the PHP communi- 
ty as they have been in the Java 
community." 

Gutmans added that the 
framework is specifically de- 



signed for the use of best prac- 
tices, some of which were 
penned by Zend itself. 

Gutmans recognized that 
PHP is difficult to improve, 
when it comes to speed and 
ease of development, so the 
framework team concentrated 
heavily on integrating Web ser- 
vices tooling and support. 
Specifically, Zend worked with 
third-party Web services com- 
panies, including Microsoft and 
Google, to add tailored support 
for common services. 

PIECE BY PIECE 

But these new features, admit- 
ted Gutmans, aren't going to 
drive adoption. What will push 
the framework into enterpris- 
es, he said, is that Zend 
Framework can be used in 
pieces. Various parts of the 
whole can be added to sites 
with minimal effort, he 
claimed, without the need to 
cram the entire framework 
into the site being modified. 

One component that can be 
used apart from the framework 
is Zend's own PHP port of 
Apache Lucene, a site search 
tool that was originally written 
in Java. Gutmans explained that 
many of the users of the Zend 
Framework beta were original- 
ly jumping into Java code inside 
their applications just to get the 
benefits of Lucene. Gutmans 



predicted that this modular 
adoption approach would speed 
uptake in enterprises. 

Michael Goulde, senior ana- 
lyst at Forrester, said that Zend 
is hoping to address the rising 
popularity of Ruby on Rails 
with the release of the frame- 
work. "The PHP folks felt that 
having a solid framework for 
people to work with is going to 
be important competitively." 

Another Forrester senior 
analyst, Jeffrey Hammond, said 
that the release of the Zend 
Framework highlights the rising 
importance of the structure that 
goes around dynamic languages. 
"It is very interesting how the 
idea of frameworks, in addition 
to core languages themselves, 
are shifting the battleground as 
developers look to these tech- 
nologies. Ruby is much less 
interesting if you don't have 
Rails there. Java developers 
always ask me whether they 
should be using Spring or 
Hibernate: 'What framework is 
going to help us get where we 
need?' It's a proof point that the 
higher-level things these frame- 
works do is important to devel- 
opers," said Hammond. 

Zend Framework 1.0 is free 
and open source, and available 
at framework.zend.com. Zend 
has begun to offer training and 
consulting services using the 
software. I 



MKS Overhauls Integrity Platform 

Test, requirements management capabilities boosted 



BY JEFF FEINMAN 

With an eye to meeting cus- 
tomers' needs for new life-cycle 
management abilities and better 
collaboration among develop- 
ment teams, MKS has over- 
hauled MKS Integrity, the com- 
pany's flagship ALM platform. 

MKS Integrity 2007, which 
the company expected to release 
in late July, comes with improve- 
ments to the configurations for 
test management. Philip Deck, 
CEO of MKS, said the improved 
configurations allow a customer 
to do requirements-based test- 
ing, by linking a requirement to a 
test plan or a test session. 

The tool offers unified 



requirements change manage- 
ment, which allows individual 
requirements to be reused. 
Groups of requirements can be 
associated and reused in a par- 
allel development scenario. 
Furthermore, the tool can iden- 
tify a point in history for a 
requirement or document, and 
navigate the system based on 
that, beginning new work with 
the baseline as a starting point. 

MKS Integrity 2007 offers 
SAP and Oracle PeopleSoft 
change management tools with- 
in its ALM platform. 

Another new feature in MKS 
Integrity 2007 is lock manage- 
ment capability; Deck said that 



MKS Integrity 2007 offers more 
flexible locking features, allow- 
ing developers to specify how 
their locking model is set up. 
The offering also includes a doc- 
ument interface that has support 
for Rich Text Format. 

"When we build an advanced 
capability, the benefit is shared 
by every part of the application 
life cycle," Deck said of MKS' 
architecture. "Now we're adding 
reusability and rich text. That 
applies to requirements manage- 
ment, test management, soft- 
ware development — any part of 
the life cycle gets the benefit of 
all those features, because it's a 
single architecture." I 
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NetAdvantage® for Windows Forms with PDF export and WinDesktopAli 



i-Platform User Experience 

NetAdvantage for .NET 2007 Vol. 2 

The ultimate toolset for user interface design and development 




Windows Forms 

Consistent Microsoft Office User Experience - Add PDF/XPS document exporting, Microsoft® Excel import, 

and desktop alert notifications to your Windows Forms applications 

ASP.NET 

Improve Web Site Visibility - Improve search engine scoring for your Web sites powered by AJAX-enabled 

NetAdvantage for ASP.NET controls, with streamlined handling of web crawler requests 
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Charts & Gauges 

Stunning Professional Dashboards - NEW Gauges for ASP.NET and Windows Forms instantly provide a clear 

understanding of Key Performance Indicators 






Application Styling ™ 

Design Once # Style Everywhere - for Windows Forms and ASP.NET applications powered by NetAdvantage. 
Quickly create and apply corporate standards across controls or applications 
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Powering The Presentation Layer 

Infragistics Sales - 800 231 8588 
Infragistics Europe Sales - +44 (0) 800 298 9055 
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Ecma Catches Heat Over Microsoft 'Standards' 



< continued from page 1 

and Xerox's demonstration at 
Microsoft Professional Develop- 
ers Conference 2005. XPS' sub- 
mission to Ecma was co-signed 
by 15 companies that will partici- 
pate in the work of the technical 
committee, including Autodesk, 
Brother, Canon, HP, Lexmark, 
Ricoh, Toshiba and Xerox. 

A QUESTION OF INFLUENCE 

Naysayers and rivals have be- 
moaned the way Microsoft has 
maneuvered its internally devel- 
oped specifications through stan- 
dards bodies, alleging that it 
exerts too much control over the 
process. Critics claim that 
Microsoft is using Ecma as a 
gateway to put its standards 
before ISO/IEC, following 
Microsoft's submission of its 
Office Open XML document 
formats to Ecma last year, and its 
acceptance as the Ecma 376 
standard last December. The 
specification was subsequently 
submitted to ISO/IEC for fast- 
track approval, where it remains 
under consideration. 

A notice posted on the TC46 



'Regardless of what has been 
standardized and what hasn't, 
for a government that wants 
to publish documents like tax 
forms for citizens to access, 
PDF is currently the only 
viable option.' 




-Greg DeMichillie, analyst at Directions on Microsoft 



Web page on June 29 poured 
gasoline onto the fire. The 
notice read that the committee's 
stated goal was to "produce a 
formal standard for an XML- 
based electronic paper format 
and XML-based page descrip- 
tion language which is consistent 
with existing implementations of 
the format called the XML 
Paper Specification." Another 
directive was to produce a for- 
mal standard for office produc- 
tivity applications within the 
Ecma International standards 
process that would be fully com- 
patible with the Office Open 
XML (OOXML) Formats. 

Linux Foundation board 
member and attorney Andrew 



Updegrove reacted sharply. "If 
OOXML, and now Microsoft 
XML Paper Specification, each 
sail through Ecma, and are 
then adopted by ISO/IEC 
JTC1, then I think that we 
might as well declare 'game 
over' for open standards," 
Updegrove wrote in his blog on 
ConsortiumInfo.org. 

When questioned, Upde- 
grove stated that Microsoft was 
not doing anything explicitly 
wrong, but Ecma and ISO 
would be, by creating standards 
that further embed a single 
product into the marketplace. 

"It is hard to square a stan- 
dard built to one firmly embed- 
ded product [Microsoft Office], 



with the concept of looking out 
for the best interests of all stake- 
holders," Updegrove remarked. 

Microsoft spokesperson 
Catherine Brooker attempted to 
extinguish the flames, telling SD 
Times that there were "inaccu- 
racies" on Ecma's Web site that 
made XPS sound like its submis- 
sion to Ecma has something to 
do with OOXML. 

The TC46 committee has 
since updated its Web page to 
remove the offending language. 

Directions on Microsoft ana- 
lyst Greg DeMichillie noted that 
there are two kinds of standard- 
ization: The "old-school" IEEE- 
style development process where 
interested parties get together, 
and debate and prototype before 
finalizing the specification; and 
another "young standard" style, 
where a company such as 
Microsoft develops something on 
its own, and then looks to a stan- 
dards body to ratify it without 
making significant changes. 

"Effectively, it allows vendors 
to develop software on their own 
and then get the imprimatur of 
being standardized," said De- 



Michillie. He added that in 
order for XPS to be successful, 
XPS readers must be available 
for all of the popular platforms, 
because governments and busi- 
nesses want assurances that doc- 
uments created today can be 
read in the future. 

Noting that there are no 
non-Windows XPS readers 
available today, DeMichillie said, 
"Regardless of what has been 
standardized and what hasn't, for 
a government that wants to pub- 
lish documents like tax forms for 
citizens to access, PDF is cur- 
rently the only viable option." 

Stephen Walli, a former par- 
ticipant in the IEEE, Ecma and 
ISO POSIX standards communi- 
ties, and currently vice president 
of open source development 
strategy at Optaros, said Mi- 
crosoft is taking to Ecma a tech- 
nology that they acknowledge is 
a PDF competitor. He added 
that XPS need not be standard- 
ized at this time and that stan- 
dardizing early is "dangerous," 
unless Microsoft expects to be 
the only implementation. 

Microsoft's Brooker pointed 



3P irnee 100 wiNNe&e profile 



Application Lifecycle Management lets 
development teams leverage real-world ex- 
perience while writing software to solving 
business problems. Leading-edge devel- 
opment teams know the benefits that 
ALM tool suites bring to their projects. 
They also know that a leader in ALM 
technology is TechExcel, named to the 
2007 SD Times 100, the industry's annual 
' listing of leaders and innovators in the field 
of software development. 
"TechExcel offers the only ALM solution 
centered on the concept of knowledge," ex- 
m JpF^ plains Tieren Zhou, Ph.D., CEO and chief archi- 

^f tect for TechExcel. "By including a searchable, 

mf indexed knowledge-management system with all 

" our ALM tools, we clear the channels of communication 
between business units." 

By eliminating the walls between the knowledge silos 
that exist between different teams and in different locales, 
TechExcel DevSuite helps enterprises increase both the ef- 
ficiency and overall quality of their end products. "Every- 
one has a clear idea of what it is they need to do; why they 
are doing it. DevSuite helps them collaborate across pro- 
jects using the same set of documents and collateral," says 
Zhou. "This lets teams communicate better and reduce their 
cycle times, allowing the right products for the right mar- 
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kets to be built in the shortest possible time." 
TechExcel (www.techexcel.com) stands 
out because DevSuite works with every leading software 
configuration-management system. "Our VersionLink 
SCM integration allows for an open, flexible, and plat- 
form-independent way to associate source code modifica- 
tions with real-time task tracking and workflow," Zhou 
says. "This allows our customers to use systems they are 
comfortable with, and saves them the hassles of migration 
and retraining that forcing them to a specific SCM system 
would bring." 

That's not all, Zhou adds. "Our ALM solutions are often 
less expensive, more feature-rich and require very little 
guidance to set up. A typical rollout for DevSuite is about 
two weeks, compared with some of our competitors who 
take months of costly consulting time for implementation 
and ongoing support." 

Indeed, TechExcel's tools have been designed from the 
ground up to work seamlessly in an integrated fashion. As 
Zhou says, "We have not acquired other companies' intel- 
lectual property and attempted to integrate it into our 
suite. Each module has been designed to link with all oth- 
er modules, forming a more solid and well thought-out in- 
tegration than any other 
ALM suite on the market." 
Learn more by visiting 
TechExcel today. 
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Forrester Sees Dynamic Language Growth 



to Web standards as an example 
of how young standards can 
grow and become something 
useful with industry participa- 
tion, and added that Ecma will 
decide when XPS is ready 

She explained that Ecma 
would be producing drafts and 
technical documentation that oth- 
er developers can use to build 
XPS readers and translators. 

But Walli went on to accuse 
Microsoft of dumping its new 
product specification into Ecma 
for competitive reasons. "They're 
not evolving anything, they're 
just competing with an accepted 
standard," referring to Adobe's 
PDF. Adobe did not respond to 
repeated requests to comment. 

Jean Paoli, general manager 
of interoperability and XML 
architecture at Microsoft, stat- 
ed that XPS was designed to 
solve a different set of problems 
than PDF is trying to solve. 

He said the primary benefits 
of XPS are that it is optimized 
for the set of requirements need- 
ed for electronic paper, it uses an 
XML-based markup language 
for interoperability, and it can 
be implemented in document 
peripherals that need random 
access of content and streamed 
consumption. I 



< continued from page 1 

ignored by enterprises, they're 
simply sneaking in the back 
door. They learned that Python, 
for example, has made headway 
with nonprogrammers: The lan- 
guage now offers many power- 
ful frameworks and libraries for 
scientific and engineering uses. 
PHP, on the other hand, is 
often used for database-driven 
applications that require con- 
stant modifications and shifting 
requirements. 

This so-called dynamic lan- 
guage creep will have big impli- 
cations for development teams 
and their daily chores, the ana- 
lysts claimed. For one thing, said 
Hammond, developers using 
dynamic languages are given 
much more initiative as to how 
they will complete their tasks. 

"[Among] the things that are 
going to be different about 
these languages is the ways 
they're constructed shift the 
way traditional development is 
done," said Hammond. "Dy- 
namic languages offer things 
like [dynamic] 'duck' typing, 
which means you don't have 




The dynamic languages are creating 
'strange bedfellows/ says Forrester 
senior analyst Jeffrey Hammond. 

rigidly typed function calls. That 
means developers can put 
together architectures that are 
very flexible but may introduce 
errors at runtime. The type of 
skill set you need also changes. 
Ruby is very similar in architec- 
tural principle to Smalltalk, so 
you need really good object-ori- 
ented skills to use it effectively. 
PHP can be used in ways that 
are similar to what many Visual 
Basic programmers have done 
in the past." 



However, that means that 
testing requirements for corpo- 
rate applications will shift as well. 
"Things will compile successfully 
without a problem," Hammond 
predicted, "but because of dy- 
namic interfaces, it's possible 
someone will put together a con- 
nection at runtime that fails. 
Then the question becomes: Is 
the business logic supporting it?" 

The other thing that dynamic 
languages do, Hammond said, is 
they tend to trust developers 
more to make design decisions. 
"If you have a bad developer 
going very, very fast, that's a bad 
thing. They need to understand 
that these languages are very dif- 
ferent from Java and C++. The 
compiler is not going to save 
them all the time. With more 
power and speed comes more 
responsibility." 

For now, Goulde and Ham- 
mond see three of these dynamic 
languages as being the most 
important for enterprises. Cer- 
tainly, said Hammond, JavaScript 
is important for Web develop- 
ers — being the only language in 
the pack that requires no extra 



stack components to write and 
deploy — but at the moment, 
Ruby is the language that is see- 
ing the most growth in overall 
uptake in enterprises. Goulde 
also pointed out that PHP is like- 
ly the most popular dynamic lan- 
guage in current corporate devel- 
opment environments. 

Goulde and Hammond pre- 
dicted that finding developers 
will not be too difficult. While 
they both conceded that, cur- 
rently, dynamic language devel- 
opers are commanding a premi- 
um price for their services, it is 
also possible to retrain existing 
developers to use these lan- 
guages. 

"There's a lot of skill transfer 
across these languages. It's not 
like you're working in a totally 
different environment. They 
have enough similarities that 
developers pick it up pretty 
quickly," said Goulde. "These 
guys have worked with multiple 
languages for years. They try to 
use the best language for the 
purpose at hand. They're not, 
by any stretch, skills limited to 
one language." I 
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RAVSNFLOW 

Eight years of technology innovation are 
paying off for Ravenflow, leaders in the 
field of requirements validation for de- 
velopers. From the first day, Raven- 
flow— which was called N8 Systems 
until 2005— demonstrated that yes, it's 
possible to get requirements right. The 
company's skills, expertise and solutions 
portfolio was recognized by Ravenflow's 
f inclusion in the 2007 SD Times 100, the 
industry's annual listing of leaders and in- 
novators in the field of software develop- 
1 j ment. 

M^f What makes Ravenflow different? They 

^F speak your language. "We are the only compa- 

mf ny that detects requirements errors in plain 

W English," explains Joe Marasco, Ph.D., president and 
CEO of Ravenflow. "Our customers find that having tex- 
tual use cases and the diagrams that correspond to them 
side by side greatly helps them in finding errors and in- 
consistencies. Moreover, we use the underlying model 
we generate to alert the users to errors we have detect- 
ed programmatically." 

In addition to the RAVEN requirements validation sys- 
tem, RavenSpace, the company's collaboration server, is 
the first solution to allow stakeholders and other review- 
ers to collaborate using a Web portal that encapsulates the 
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ongoing work of business analysts in refin- 
ing and validating use cases. 

Ravenflow's customers experience breakthrough differ- 
ences in the time it takes them to elicit, analyze, specify 
and validate their requirements. "Rather than focusing on 
merely managing requirements, they are improving their 
ability to get their requirements right," says Marasco. The 
result: Customers report that they have been able to ac- 
celerate requirements-gathering processes that previously 
took weeks down to several hours. 

What's more, because RAVEN ensures that the dia- 
grams that accompany use cases are always in sync 
with the text of the requirements, the entire team is 
more productive, and has more confidence in the re- 
quirements themselves. "Now when they change one 
sentence in a use case, they can regenerate the diagram 
in seconds with the push of a button, and know it is 
'correct by construction,'" says Marasco, adding that 
this increased accuracy lets subject-matter experts visu- 
alize their use cases in real time-even as they're de- 
scribing them to the development team or to business 
analysts. 

Learn how to improve the quality of your requirements 
by visiting www.ravenflow.com today. 

RAVENFLOW 
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Should Government Set Bar? 




Coverity is part of a DHS-funded 
project designed to ensure the 
security of popular open source 
software, says CEO Seth Hallem. 

Public, Private 
Sectors Partner 
For Innovation 

BY JENNIFER DEJONG 

Phrases like "public and private 
sector collaboration" get bandied 
about like so much talk from 
government officials. But some- 
times it's more than just rhetoric. 

A U.S. Department of 
Homeland Security (DHS) pro- 
gram known as the Science and 
Technology Directorate is fund- 
ing private sector research 
efforts to drive development of 
technologies that would help 
secure the Internet and other 
critical networks, on which much 
of the U.S. economy depends. 

In January 2006 application 
security toolmaker Coverity 
Stanford University and anti- 
virus software maker Symantec 
were jointly awarded about US$1 
million from DHS. The contract 
funds a project known as "Vul- 
nerability Discovery and Reme- 
diation Open Source Hard- 
ening," designed to make sure 
that widely used open source 
offerings, including Apache, 
FreeBSD, GTK, Linux, Mozilla, 
MySQL and PostgreSQL, are 
secure, said Coverity CEO Seth 
Hallem. The two-part effort 
identifies potential weaknesses in 
open source software and then 
provides the necessary remedia- 
tion. "The contract has allowed 
us to conduct new research," he 
said. It lets DHS take advantage 
of the findings, while also provid- 
ing it with a pathway to commer- 
cialize that research, he said. 

Hallem did not offer further 
details of the project, but said 
results of the research effort will 
make their way into the next 
release of Prevent, Coverity's 
source code analyzer for C, C+ + 
and Java. I 



< continued from page 1 

retailers accountable for keeping 
credit card numbers safe. 

"Government could take the 
message to the masses," said 
Ounce Labs founder and chief 
technology officer Jack 
Danahy "That would be huge- 
ly interesting." 

EMERGING EFFORT 

If either initiative materializes 
in the United States, it will 
come from the Department of 
Homeland Security Office of 
Cyber Security and Telecom- 
munications, led by assistant 
secretary Greg Garcia. Asked in 
an e-mail message whether 
DHS intends to set a standard 
for application security and act 
as a certifying authority, Garcia 
did not respond. 



Coverity president and CEO 
Seth Hallam believes DHS will 
set a standard for application 
security and that government 
needs to play the role of a certi- 
fying authority. "We need a gov- 
ernment seal. Otherwise how 
do we know [which Web appli- 
cations] are trustworthy?" 

He said the seeds of an 
emerging standard are evident 
on Build Security In (build 
securityin.uscert.gov/daisy/bsi 
/home.html), a DHS Web site 
that publishes secure coding 
guidelines for software develop- 
ers. "The coding rules are a 
start," said Hallam. He envisions 
that DHS will take the first steps 
in establishing a standard, then 
work with the private sector to 
iron out the specifics. IBM and 
HP will be among the first back- 



ers, lending credibility to the 
government effort, he said. 
Then the application security 
"up and comers" will follow suit. 

IBM is expected to com- 
plete its acquisition of Watch- 
fire by the end of September. 
HP has said it plans to finalize 
the SPI Dynamics deal in the 
same time frame. 

A more likely way for DHS to 
get involved in the application 
security arena is by working with 
the toolmakers in that market to 
help promote best practices for 
secure coding, for both the pri- 
vate and public sectors' organiza- 
tions, said Cenzic's Khera. 

That is already happening. 
The Build Security In site was 
developed for DHS by the Soft- 
ware Engineering Institute at 
Carnegie Mellon University. 



SECURITY MESSAGE RECEIVED 



Recent signs that the secure coding message is 
catching on: 

• SANS shifts security stance to applications. 

Long focused on network security, the training 
institute SANS (which stands for SysAdmin Audit 
Network Security) this year launched two appli- 
cation security efforts. In March it kicked off 
the Secure Programming Skills Assessment 
(www.sans-ssi.org/ttspsa), a series of exams to 
evaluate developers' secure coding skills. Later 
this month SANS is set to host in Washington, 
D.C., the "What Works in Application Security 
Summit 2007" (www.sans.org/appsummit07), 
where representatives from companies such as 
JCPenney and Sovereign Bank are expected to 
share lessons learned from their efforts. 

• PCI gets app-savvy. You have to dig deep into 
the document to find it, but the Payment Card 



Industry Data Security Standard 1.1 (www 
.pcisecuritystandards.org/tech/index.htm) last 
September began specifying application-level 
security measures. PC1 1.1 mandates, for example, 
that Web applications must undergo guarterly 
vulnerability scans by a PCI-gualified vendor, and 
that penetration tests must be performed 
at least once a year, and after any significant 
modification. 

• Big players to buy small toolmakers. Analysts 
have predicted for more than a year that the appli- 
cation life-cycle management giants would snap up 
small, privately held application security toolmak- 
ers, lending legitimacy to the secure coding mar- 
ket. In June that finally happened: IBM announced 
a plan to buy Watchfire, and HP said it expects to 
acguire SPI Dynamics. Both deals are slated to 
close in the third guarter. —Jennifer deJong 



But the Information Technolo- 
gy Association of America 
(ITAA) and the vendors that 
belong to the nonprofit trade 
organization also contributed to 
that effort, Khera noted. 

Garcia worked for the ITAA, 
prior to assuming his role at 
DHS role last September. 

Also likely to emerge from 
DHS is a mandate on procuring 
software used by government 
agencies. It will work much the 
way the disability standards that 
apply to software do, said 
Watchfire vice president of 
marketing David Grant. "The 
government says, 'Have you 
passed 508?'" he noted, refer- 
ring to the 1998 amendment to 
the Rehabilitation Act, which 
required federal agencies to 
make their electronic and infor- 
mation technology accessible to 
people with disabilities. "That 
will happen for security as well." 

Fortify's Thornton said that 
while the application security 
toolmakers don't necessarily 
need the government to pro- 
mote security awareness among 
consumers, the government 
can't possibly assure national 
security unless the private sector 
does its part. The biggest chal- 
lenge for DHS, Thornton said, is 
getting companies in banking 
and transportation and other 
industries that are core to the 
U.S. economy to understand the 
possible security threats. "It's 
not hackers. It's Iran. It's North 
Korea. [Those countries] maybe 
looking to damage the system 
our economy depends on." I 



What's Your Security Story? 

A look at what some of the major companies are doing 



BY JEFF FEINMAN 

So, where s the chain reaction? 

Many in the industry, ana- 
lysts and pundits alike, agreed 
that the acquisition agreements 
announced in the past two 
months involving Watchfire (by 
IBM) and SPI Dynamics (by 
HP) would spark more consoli- 
dation in that space. 

However, as many turned 
their eyes to other industry big 
dogs such as Microsoft and 
Oracle, the security acquisition 
front has remained quiet. Some 
of the companies have taken 
their own approach to dealing 
with security at the developer 
level, either creating original 



tools or allowing plug-ins for 
third-party offerings. 

Microsoft offers security 
tools in its Visual Studio Team 
Suite, including Static Code 
Analyzer, which can automati- 
cally perform code reviews. For 
different projects, developers 
can select from the different 
rules run by Static Code Analyz- 
er. Visual Studio also includes 
check-in policies to help ensure 
consistent code quality. These 
policies can be set to analyze 
code and execute test cases. 

Borland Software is taking 
the approach of allowing plug- 
ins of security analysis tools to 
its build and test automation 



system, Gauntlet. The tool can 
handle plug-ins for security 
tools such as Cenzic's Hailstorm 
and Fortify's Source Code 
Analysis Software. 

"I don't think Borland is at 
the point yet where we've 
looked at acquiring somebody in 
this space because there are so 
many different vendors focused 
on different aspects of security," 
said Marc Brown, director of 
product marketing for Borland. 
"I think the first thing we need 
to do is ensure that our Open 
ALM strategy is realized by 
making sure customers are look- 
ing at different types of security 
analysis technologies and can 



use those effectively in our ALM 
suite." 

When asked how Borland's 
technologies could measure 
against an acquisition of a full 
security company, Brown said 
the critical thing for the com- 
pany is its ability to allow orga- 
nizations to use any tool with 
its ALM platform, which doesn't 
prevent someone from using 
SPI Dynamics or Watchfire 
technologies with Borland's 
suite. 

As for the popular IDE 
offered by Eclipse, there are 
not any projects in the works 
around developer security, 
according to Ian Skerrett, 
director of marketing for the 
Eclipse Foundation. 

Despite repeated requests, 
Sun and Oracle would not pro- 
vide comment for this story. I 
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Web Services App Servers Go Open Source 



BY DAVID WORTHINGTON 

Say hello to open source Web 
services application middle- 
ware. WS02 has fleshed out a 
new Java runtime for hosting 
services that brings it one step 
closer to realizing its ambition 
of delivering an open source 
middleware platform for SO A. 

Web Service Application 
Server (WSAS) 2.0, announced 
in mid-July, is derived from the 
Apache Axis2 Web services 
engine. It supports the WS-* 
family of standards and imple- 
ments Web Services Description 
Language (WSDL) 2.0. WSAS is 
engineered to be backward- 
compatible with legacy services. 

Since WSDL 2.0 can be 
used in both HTTP applications 
and WS-* environments, WSAS 
now supports REST (Repre- 
sentational State Transfer) 
applications that use HTTP 
methods to transmit domain- 
specific data, without relying on 
a SOAP messaging layer. 

WSAS 2.0 arrives just one 
month after WS02 took the 
wraps off its enterprise service 
bus (ESB) component. The 



WS02 ESB is an Apache 
Synapse-based service-and- 
message mediation platform 
that provides the ability to con- 
figure, route, log and manage 
Web services. It is designed to 
run alone or alongside WSAS. 

The WS02 Web Services 
Framework consists of an ESB 
identity solution, a mashup serv- 
er still in the alpha stage, and 
WSAS. Business rules, gover- 
nance and policy, portal, security 
and services registry compo- 
nents are on deck. 

The WSAS server core runs 
on commercial software includ- 



ing BEAs WebLogic, IBM's 
WebSphere and Red Hat's 
JBoss, in addition to open 
source platforms such as Glass- 
Fish, Jetty and Tomcat. With 
this release, it is now possible to 
deploy Enterprise JavaBeans 
components. 

Another core improvement 
is Eclipse IDE integration with 
the WSAS runtime for debug- 
ging and testing purposes. 
WS02 chairman and CEO San- 
jiva Weerawarana said that the 
wizards were the best solution 
to eliminate the complexity of 
WS-*. The integrated wizards 



configure and manage services 
on the Web. 

New data services in WSAS 
2.0 make data "mashable" by an 
AJAX client without extra cod- 
ing. Weerawarana explained 
that to service-enable relational 
data, a developer simply points 
to a database, writes a query, 
and defines how data can be 
executed by a Web service and 
what to do with the results. The 
WS-* security stack ensures 
data security. 

WSAS 2.0 is backward-com- 
patible with Apache Axis as well 
as Axis2 services. This was 



made possible by embedding 
elements of the Axis runtime 
behind the Axis2 runtime. 
Legacy services can take advan- 
tage of WS-*, but their payloads 
are still processed through the 
Axis runtime elements, to pre- 
serve compatibility. 

Security, meanwhile, has 
been improved with support for 
the XML Key Management 
Specification and now offers 
access throttling to thwart 
denial-of-service attacks. Clus- 
tering and high-availability sup- 
port is also available in the new 
release. I 



ILOG Adds Diagram Components to Visual Studio 



BY DAVID WORTHINGTON 

Dashboard displays and dia- 
grams are omnipresent in busi- 
ness. Developers seeking to 
integrate them into their .NET 
Windows Forms and Web 
Forms applications have a new 
tool at their disposal. On July 
11, ILOG released ILOG Dia- 
grammer for .NET 

ILOG Diagrammer inte- 



grates with Microsoft Visual 
Studio 2005, providing dedi- 
cated designers, toolboxes and 
wizards that are supplement- 
ed with online documenta- 
tion. Written entirely in C#, 
Diagrammer's two key fea- 
tures are the graph layout dia- 
grams and diagram editing 
tools. 

The layout algorithms use 



automatic layout techniques to 
represent business processes, 
computer networks, dataflows, 
knowledge-based systems, or- 
ganizational charts and work- 
flows. Designers can choose 
from hierarchical, force direct- 
ed, grid and link, and tree 
placement layouts. 

Three prebuilt graphical 
editing tools in ILOG Diagram- 



mer serve a dual purpose: They 
help developers build defined 
classes of modeling tools, while 
serving as a starting point for 
creating custom tools. In the 
box are editors for Business 
Process Modeling Notation and 
UML class diagrams, as well as 
a generic Diagram Designer, 
and documented source code is 
available. I 
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Application life-cycle management (ALM) 
is a big task, encompassing everything from 
configuration management to defect 
tracking to automated testing to end-to- 
end quality assurance. It's rare to find 
companies that are expert in even one 
of these broad areas. It's even rarer to 
find companies like Seapine Software, 
that excel in all of them. Seapine stands 
T alone, which is why it's a winner of the 
2007 SD Times 100, the newspaper's annual 
listing of leaders and innovators in the field 
1 J of software development. 

m^ Knowing that software quality is an increas- 

^F ingly important differentiator to companies in 

ml many industries, Seapine has developed a quali- 

W ty-centric approach to ALM, combining multiple inte- 
grated ALM tools into a tailorable software-quality solu- 
tion that runs circles around others in the industry. 

"Seapine provides the only integrated application life- 
cycle management suite-Seapine ALM-at a mid-market 
price point that does not require extensive integration 
and customization," explains Richard Riccetti, Seapine 
Software's president and CEO (www.seapine.com). "You 
can be up and running with an integrated Seapine ALM 
solution fast." Indeed, Seapine's customers worldwide 
appreciate the products' ease of installation and use, the 
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company's highly responsive technical sup- 
port, and of course, overall affordability. 

While Seapine is justifiably proud of its popular set of 
ALM solutions, the company is also known for its end- 
to-end focus on quality assurance, demonstrated by its 
TestTrack product family: TestTrack Pro for issue man- 
agement, TestTrack TCM for test case management, and 
the newly released TestTrack Studio for test planning 
and tracking. 

"Our ability to link defects and change requests to the 
code that contains them, as well as link issues to test 
runs, track defects and manage test scripts all in one 
place and quickly automate functional tests, is un- 
matched except by only a few expensive enterprise ALM 
suites," says Riccetti. 

"As we continue to improve and expand our products 
for the software development life cycle," says Riccetti, "we 
view our recognition in the SD Times 100, along with our 
continued rapid growth, as further endorsement of Seap- 
ine's strategy of providing quality- centric tools for appli- 
cation life-cycle management." 

Contact Seapine Software to implement one or more of 
its affordable ALM solutions for your company today. 

^ Seapine Software™ 
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How can you get the visibility and collab- 
oration needed to scale agile software devel- 
opment practices? Through agile project 
management tools. Where can you learn 
best practices and approaches to become 
an agile expert? At Agile University. 
How can you adopt agile with a low-risk, 
incremental approach? Using an award- 
winning, on-demand agile life-cycle man- 
agement solution. Who is the industry leader 
behind these innovations? Rally Software, re- 
cently named to the 2007 SD Times 100, the 
industry's annual listing of leaders and innova- 
Mf^ tors in the field of software development. 

^f No other company delivers such a complete 

mf combination of tools, coaching and knowledge to 

" help companies succeed with agile development. 

Tools for the entire agile life cycle. Rally unites agile pro- 
ject management with tracking of requirements, tests and de- 
fects so everyone has a realtime picture of the project's fea- 
tures and quality, priorities, road blocks and risks. In addition, 
Rally delivers a powerful Enterprise 2.0 collaborative hub, al- 
lowing integration with other enterprise applications and 
role-based tools to help create a ubiquitous data repository. 

"Our vision since the company's inception has been to 
serve as an on-demand hub of information in which devel- 
opment team members can leverage and mash up their fa- 

ADVERTISEMENT 



vorite tools to communicate and collaborate in 
a truly agile environment," explains Ryan 
Martens, founder and chief technology officer, Rally Soft- 
ware. 

Education through Agile University. The innovative 
Agile University (www.agileuniversity.org) is a collabora- 
tive effort to help expand agile practices by offering pub- 
lic courses all over the world. In leading Agile University, 
Rally has helped develop an educational resource for the 
entire agile community, whether teams are just getting 
started with agile or learning how to apply agile practices 
to an entire enterprise. 

On-demand solution for incremental adoption. As a 
powerful, on-demand Web service, Rally frees companies 
from the hidden costs and failed integrations of tradition- 
al application development tools. Rally fits the needs of 
businesses of all sizes, from the largest enterprises to small 
and mid-sized companies everywhere, and its services are 
priced by individual product modules to let customers 
adopt and scale agile adoption at their own pace while pro- 
tecting existing investments. 

"We don't just have the 
tools," Martens concludes. 
"We also deliver service and 
support to adopt agile suc- 
cessfully in an incremental 
manner." 
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As the embedded device industry begins 
the shift to smart, connected embedded de- 
vices, Windows Embedded continues to 
deliver innovation that enables its cus- 
tomers to respond to these changes-of- 
fering the next generation of connected 
experiences to end users and enterprises. 
That's what sets Microsoft's Embedded 
Systems group apart in the 2007 SD Times 
100, the industry's annual listing of leaders 
and innovators in the field of software de- 
velopment. 
With Windows Embedded, Microsoft was 
^■r one of the earliest embedded-platform 

^F providers to respond to the needs of the types of 

ml devices that are becoming increasingly important 

W in embedded device development. With its built-in sup- 
port for rich graphical user interfaces, networking and rich 
user-friendly applications, Windows Embedded has been 
able to meet the needs of many rapidly growing device 
categories such as set-top boxes, GPS handhelds and 
portable media devices. 

Microsoft demonstrated its leadership and innovation 
in the area of software development when Windows Em- 
bedded broke new ground last year with the release of 
Windows Embedded CE 6.0. "CE 6.0 introduced new cell 
core data and voice components, enabling devices to es- 
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tablish data connections and voice calls over 
cellular networks, and takes advantage of 
multimedia capabilities to allow the development of net- 
worked media devices, digital video recorders and Internet 
Protocol TP' set-top boxes," explains Ilya Bukshteyn, di- 
rector of Windows Embedded marketing at Microsoft. 

Windows Embedded has also been innovative in the ex- 
perience it provides developers who face shorter project 
timelines as their devices continue to grow in functional- 
ity. Bukshteyn adds, "By providing our customers with 
componentized and configured platforms, and the familiar 
Visual Studio toolset and the .NET programming model, 
we help them avoid the hassles of assembling multiple 
components from various sources— and in turn, help en- 
sure that they are successful in getting their complex de- 
vice designs to market faster." 

After delivering software platforms for embedded de- 
vices for more than 10 years, Windows Embedded 
(www.microsoft.com/embedded) will continue to support 
its customers in developing smart, connected devices 
that meet the needs of the evolving embedded software- 
development industry. 
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Freescale Ups the Multicore Ante 

Hybrid simulation environment to allow fast-forward to tricky spots 



BY P.J. CONNOLLY 

Technology revolutions don't 
happen overnight; there is rarely 
a single event that one can point 
to as a spark. But in the past few 
years, a revolution in system 
design has been taking place. 
Multicore processor designs are 
emerging, and new require- 
ments for modeling tools are 
forcing vendors to come up with 
new strategies to allow develop- 
ers to wring the most out of the 
silicon. Freescale Semiconduc- 
tor is working on a simulation 
environment for its next proces- 
sor family that may change the 
rules. 

At the end of June, Freescale 
took the wraps off its next-gen- 
eration multicore processor 
architecture at the Freescale 
Technology Forum in Orlando, 
Fla. The new Multi-core Com- 
munications Platform is based 
on 45nm silicon-on-insulator 
(SOI) technology for the initial 
implementations; Freescale's 
plans call for a migration to 
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Source: Freescale Semiconductor 
Freescale's Multi-core Communications Platform can support up to 32 
cores, with a connectivity fabric designed to eliminate on-chip bottlenecks. 



32nm SOI at a later date. 

The platform is designed 
around Freescale's CoreNet con- 
nectivity fabric, which is 
designed to eliminate bottle- 
necks, bus contention and laten- 
cy issues by using a mesh design. 
Accommodating 32 cores and 
more, the design is claimed by 
the company to provide a great 
deal of flexibility in how the 



range of Freescale processor 
cores might be deployed. 

But at first, Freescale's going 
to stick with the e500 core run- 
ning at 1.5GHz, each with its 
own Level 2 (L2) backside 
cache. For instances where a 
shared cache is preferred, such 
as interprocessor communica- 
tion, the design also incorporates 
a multimegabyte L3 cache. 



As one can imagine, debug- 
ging in a multicore world can 
get complicated. The Multi- 
core Communications Platform 
attempts to provide cycle-gran- 
ular performance data without 
adding to system overhead, by 
monitoring each core for cache 
accesses, instruction mix and 
interrupt latencies, and report- 
ing faults such as branch mis- 
predictions and MMU misses. 
Systemwide monitors track bus 
utilization, RMON statistics 
and transaction counts, and flag 
DDR page misses. 

HYBRID SETUP 

The first product samples in the 
Multi-core Communications 
Platform are due in late 2008, 
although the company notes 
that a simulation environment 
for the platform is expected 
from its partner Virtutech by 
the end of this year, allowing 
developers to work on develop- 
ment and system optimization 
ahead of the available silicon, 



expected in 2009. 

The full-system simulation 
environment for the Multi-core 
Communications Platform, 
which Freescale is designing 
with Virtutech, will combine the 
best of the two companies' mod- 
eling technologies in a hybrid 
setup, requiring no instrumenta- 
tion in the application or the 
operating system. This makes it 
possible to experiment with 
schemes for optimizing applica- 
tions and systems using parallel 
processing, partitioning and oth- 
er means. 

The hybrid setup will allow 
developers to toggle between 
fast, functional models and 
detailed cycle-accurate ones, 
while maintaining system state 
visibility and offering runtime 
control of executing software, 
including breakpointing, step- 
ping and reverse execution of 
code. Developers can cut to the 
specific area of interest in the 
code, and reduce the wait for 
test results. I 



iAnywhere Focuses On 
Collaboration, Security 



BY P.J. CONNOLLY 

Mobile devices — from hand- 
helds to laptop computers — 
have become an essential part 
of the corporate infrastructure, 
keeping people connected and 
increasingly collaborative, but 
presenting a challenge to secu- 
rity policies and a danger to the 
integrity of data when devices 
are lost or stolen. 

With an eye to making these 
devices more useful and easier 
to manage, Sybase iAnywhere 



updated its Information Any- 
where suite with enhancements 
to collaboration and security 
features. 

A new package in the suite, 
Information Anywhere Mobile 
IM, extends enterprise mes- 
saging platforms, while work- 
ing with archiving and auditing 
tools. It is aimed at the Nokia 
Eseries, Palm, RIM Blackber- 
ry, Symbian OS and Windows 
Mobile platforms and works 
with IBM Lotus Sametime, 



Jabber's Wildfire and XCP, 
Microsoft Office Live Com- 
munications Server and 
Reuters Messaging. It also can 
be used with public IM net- 
works that use XMPP (Exten- 
sible Messaging and Presence 
Protocol) such as Google Talk 
and Jabber. 

Information Anywhere s new 
laptop security features include 
one-step decommissioning tools 
and two-factor authentication. 
Expanded status reporting 
allows devices to be remotely 
monitored for security inci- 
dents, and data on Fire Wire 
and USB devices can now be 
encrypted automatically, while 
remaining sharable with autho- 
rized users. I 



NOKIA FORUM'S ON THE LAUNCHPAD 



BY P.J. CONNOLLY 

Sometimes, one size doesn't fit 
all. Realizing this, Nokia intro- 
duced at the end of June its 
Forum Nokia Launchpad 
developer offering, designed to 
accelerate mobile application 
development. 

At €800 for a one-year com- 
pany membership, Launchpad 
is designed to appeal to develop- 
ers who may have been left out 
of Nokia's invitation-only Forum 



Nokia Pro community, and 
Launchpad will now serve as a 
first step to Pro membership. 

As one might expect, 
Launchpad members can opt 
for expedited support and get 
early access to technical data, 
including APIs, SDKs and tech- 
nology roadmaps. Profiles of 
member companies can be 
published on the Launchpad 
Web site and in the application 
catalog, identifying the mem- 



bers to Nokia and potential 
customers. Other marketing 
opportunities are available to 
Launchpad members. 

Membership includes a free 
license for the Carbide Devel- 
oper Edition tool set, and dis- 
counts on additional licenses 
and Nokia mobile devices. Dis- 
counts are also offered on 
application signing, books and 
certification exams, and techni- 
cal support case tickets. I 



Microsoft Tool Set For 
Robotics on the Move 



BY P.J. CONNOLLY 

As part of its ongoing effort to 
improve the usefulness of 
robotics, Microsoft announced 
last month an update to devel- 
opment tools that it first 
released in December 2006. 
The company also announced, 
as part of the Robotics Studio 
announcement, that it was 
releasing its SOAP-based 
Decentralized Software Ser- 
vices (DSS) protocol royalty- 
free. 

Microsoft Robotics Studio 
1.5 adds support for the compa- 
ny's latest embedded platforms, 
Windows Embedded CE 6.0 
and Windows Mobile 6. It has 
new functionality, including 
support for Atom/RSS Hog- 
ging, as well as services for ges- 
ture, speech and vision recogni- 
tion, and for SQL database 
integration and UPnP (Univer- 
sal Plug and Play) device dis- 
covery. 

The core Robotics Studio 
runtime files, DSS and the 
Concurrency Coordination 
Runtime, were ported to the 
.NET Compact Framework, 



making it possible to develop 
applications that run on those 
platforms as well as on Win- 
dows Vista and Windows XP 

VPL — the Visual Program- 
ming Language at the heart of 
Robotics Studio — was over- 
hauled in this release, and now 
offers a code generator that 
outputs C#; VPL can also be 
used for developing for Win- 
dows CE and Windows Mobile 
devices. Also in the update is a 
new drag-and-drop DSS mani- 
fest editor, designed to make it 
easier to develop and configure 
software through a graphical 
front end. A new command-line 
tool works with managed C+ + 
code to make use of existing 
code libraries. 

The 3D visual simulation 
environment, based on the 
PhysX engine from Ageia Tech- 
nologies, has seen changes to 
rendering features and the user 
interface. Robotics Studio 1.5 
offers a new material editor, 
and its visual simulations now 
display shadows from a single 
light source or multiple 
sources. I 
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nt. The whole endear 
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mg, careless mistakes on their homework an<a 
stubborn refusal to follow classroom rules. 

No doubt some of those kids who decades ago 
bristled at rote approaches to learning grew up to be pro- 
ponents of things like Extreme Programming, agile processe 
and open source. In the technology environment they're helpi 



to create today — one tl 
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ss good-enough, 
code — defect tracK 



ing can seem old-fashioned and, well, maybe even a bit irrelevant. >y 

However, software professionals contacted at several leading 
providers of defect-tracking-related tools and services brushed aside sug- 
gestions that their importance may be flagging. On the contrary, many said that 
increasing industry complexity is putting a premium on processes of all sorts, 
including logging and prioritizing issues. 

Among the themes that emerged from interviews conducted via a shared Google 
document that takes up 13 pages and includes more than 7,000 words of responses and riffs 
on the subject: Defect tracking is less about listing bugs than fostering communication among 
everyone, from developers to salespeople to customers; defect-tracking tools are indispensable to 
efforts to reproduce bugs and perform regression testing; and such tools should always be flexib 
enough to adapt to the developers using them, not the other way around. 

Axosoft CEO Hamid Shojaee echoed the views of several of his industry peers that a move to adopt light- 
weight and flexible coding processes is among the key trends in software develop- continued on page 36 ► 
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Finding Defects Isn't Glamorous, But 



< continued from page 35 

ment. All processes, including 
defect tracking, are related to 
overhead, and it's controversy- 
free to agree on the importance 
of reducing overhead. 

"There's a catch, however," 
said Shojaee, founder of the 
Scottsdale, Ariz.-based provider 
of bug- tracking and project-man- 
agement applications. "Every 
team — depending on the num- 
ber of individuals working in that 
team, the complexity of the 
applications they are developing 
and the impact of a software fail- 
ure, such as a Space Shuttle 
crash if a software failure 
occurs — has a different ideal 
point for the amount of process 
that would make that team most 
productive." 

For Alberto Savoia, CTO of 
Mountain View, Calif. -based 
Agitar Software, it's most pro- 
ductive to track a laundry list of 
details about each logged 
defect — a view that flies in the 
face of recommendations made 
by agile zealots. 

"When it comes to bugs, I 
not only believe that they 



should be tracked, I believe 
that we should be tracking 
them more closely and include 
more detail in bug reports," 
said Savoia, whose company 
sells products that facilitate and 
augment unit testing. 

Recording more extensive 
information about bugs makes 
it easier to determine effective- 
ness of a novel methodology or 
tool, Savoia continued. For 
example, a team that imple- 
ments developer unit testing as 
a way to identify bugs earlier in 
the development cycle could 
use its defect tracking tool to 
make sure that the end result 
was fewer post-release com- 
plaints and more issues logged 
during development and quali- 
ty assurance, or QA. 

Nathan Rawlins is yet anoth- 
er bug-tracking pundit who 
declared process to be more 
essential than ever. Rawlins' role 
gives him sufficient street cred 
to make that claim. He is a 
senior director of product mar- 
keting at San Mateo, Calif. - 
based Serena Software, a com- 
pany that generated more than 



US$250 million in revenue in 
fiscal year 2007 selling applica- 
tion life-cycle management soft- 
ware, a category that includes 
defect tracking. 

"It may seem counterintu- 
itive, but as individual develop- 
ment teams adopt just-enough 
process,' process actually be- 
comes more important," said 
Rawlins. "The coordination of 
rapid development processes 
with other processes, such as 
testing processes and operational 
release processes, is often over- 
looked when implementing de- 
fect management. Without effec- 
tive coordination, the entire 
development life cycle suffers." 

GET THE BUG BUCKET 

To understand the waxing influ- 
ence of defect tracking, it is 
useful to take a brief historical 
detour. In the 1980s and 1990s, 
many companies cobbled to- 
gether their own defect track- 
ing systems. Implementations 
varied, but the general 
approach was to create a share- 
able list of issues caught by 
testers. Because the intent and 




'Defect management is closely 
tied to many other enterprise 
disciplines and systems. ' 




—Nathan Ra\ 
senior director of product marketing at Serena 



goals of the software project 
were hermetically sealed in the 
requirements document, the 
QA team merely engaged in the 
plug-and-chug exercise of log- 
ging where code fell short of 
requirements. 

Needless to say, things are 
different today. 

"The tracking landscape has 
shifted from disconnected, 
mostly reactive systems to more 
integrated, proactive items," 
said Paul Underberg, a senior 
product manager at TechExcel, 
a vendor of application life- 
cycle management and service 
and support management prod- 
ucts. "Now that teams are mov- 
ing toward more lightweight 
and integrated processes, issues 
must be tracked within their 




context: the specifications, 
requirements, documentation 
and other collateral that is 
needed not only to reproduce 
an issue, but to solve it while 
still maintaining the concepts 
behind the intended behavior. 

"Issues are also tracked at 
every phase of the project, and 
the system is utilized by project 
management, development 
and QA in equal amounts," he 
added. 

Indeed, though it's still easy 
to find lists of products for 
inputting and sorting software 
bugs, the "defect tracking" label 
is starting to feel more like a 
nod to historical tradition than 
contemporary reality. It's possi- 
ble the category is being co- 
opted, a fate that's more com- 
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The SD Times 100 recognizes companies 
for leadership and innovation- and one of 
the companies recognized this year is 
Telerik, creators of the RadControls 
suite for ASP.NET. Not content to 
package a handful of .NET compo- 
nents together and call it a suite, 
Telerik fine-tuned and handcrafted each 
part of RadControls to be best of breed. 
"'A little better' doesn't cut it for us, so we 
are always aiming for breakthrough inno- 
vations-ones that really save time, improve 
productivity, introduce new functionality or 
m ^pF' advance user experience," says Vassil Terziev, 

*^T CEO of Telerik. 

mf RadControls for WinForms is unique, Terziev 

™ explains, because it enables developers to build Windows 
Vista-style and WPF-style applications using classic Win- 
dows Forms (GDI+) technology, a set of APIs that is fa- 
miliar and easy to understand. "As a result, developers can 
build impressive application interfaces that offer features 
like scaling, rotation, Flash-like animations, transparency 
and alpha-blending, without having to learn the new de- 
velopment paradigm of WPF." 

Telerik (www.telerik.com) also brought to market the 
first ASP.NET navigation controls that use semantic ren- 
dering, which render DIVs and CSS classes instead of the 




2007 



heavy HTML tables. "As a result, the HTML 
output of the controls has been decreased by 
more than 70 percent, which directly transfers into faster 
page loading and better runtime performance of the com- 
ponents," explains Terziev. "Historically, we have always 
focused on the performance of our components, but this 
new technology was a clear leap forward." 

Another innovation is Telerik RadAjax, which allows 
developers to AJAX-enable any post-back-based applica- 
tion by simply ticking a few check boxes in a dialog. The 
product requires lines of code while uniquely leveraging 
Microsoft's ASP.NET AJAX engine. "Developers don't 
have to modify their code, place multiple update panels, 
or set numerous triggers in order to use ASP.NET AJAX. 
No other component vendor has managed to create a 
product that makes it so easy to AJAXify an ASP.NET ap- 
plication," says Terziev. 

However, Terziev adds, what sets the company truly 
apart is its passion as much as its unique technology. 
"Telerik genuinely cares about the needs and problems 
of our customers, and we've put customers right in the 
middle of our small universe. Being a customer-centric 
company is truly gratifying. With time, you build a 
community that is com- 
prised not so much of 
happy customers, but of 
real friends." deliver more than expected 
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Increasing Complexity Keeps It Crucial 



mon, or at least more visible, in 
the world of mass-market con- 
sumer software. 

Flickr, acquired by Yahoo in 
2005, provides one of the best 
recent examples of the phenom- 
enon. The popular Web-based 
photo-sharing and tagging tool 
was launched in 2004 as a tool 
created for Ludicorp's Game 
Neverending, a massively multi- 
player online game. Flickr 
proved more popular than the 
game itself, which was soon 
shelved by the Vancouver, British 
Columbia-based Ludicorp. 

Of course, most defect-track- 
ing tools haven't shelved their 
core functionality of allowing 
developers and testers to input 
bugs. Still, it's clear that such 
tools are evolving to serve a dif- 
ferent role, one that's more 
about communication than code. 

"Hardly anyone uses defect- 
tracking systems to track only 
defects," said Daniel Neades, 
director at Araxis, based on the 

C U.K.'s Isle of 

Man. "We actual- 
ly enter 
into our system 



for pretty much anything that 
we need to do in the company. 
Something needs to be changed 
on the Web site? Enter an 
issue. Need to create a market- 
ing document? Enter an issue. 
End-of-year accounts due 
soon? Enter an issue." 

This approach, he continued, 
is simply about prioritizing to-do 
lists, not forgetting anything 
important, and giving everyone 
on the team a reasonable idea 
when assigned tasks and projects 
are likely to be completed. 

"Oh, and it also tells us how 
much it cost to fix each issue," 
added Neades, whose company 
sells software for tracking 
issues, managing projects and 
comparing and merging files. 
"It can be quite sobering for a 
developer to realize that the 
time taken to fix a bug he 
caused cost the company 
$5,000. Developers deserve to 
have that kind of information." 

As more users from QA to 
customer support to marketing 
have begun to find information 
in defect-tracking systems to be 
useful, the pressure has mount 



ed to link such systems to a 
wider array of tools. This is not a 
trivial task, and vendors find 
themselves bumping up against 
another industry truism: While 
human beings are remarkably 
adept at wresting useful data 
from even clunky interfaces, 
automated machine-to-machine 
communication is almost always 
trickier than it sounds. See the 
yet-to-appear semantic Web as 
case in point. 

"Another trend is the grow- 
ing integration and even com- 
bination of defect-tracking 
tools and software configura- 
tion management systems, 
such as Subversion and Per- 
force," said Neades. "I think 
everyone in the industry 
understands the desirability of 
this. Fundamentally, I want to 
be able easily to answer the 
question, 'What source code 
changed to resolve this issue?' 
We've not yet addressed this in 
our own product, but it is high 
on the list of things we know 
we need to do." 

"Defect management is 
closely tied to many other enter- 



prise disciplines and systems," 
said Serena's Rawlins. "An effec- 
tive system will automate the 
connections to other systems and 
processes and coordinate the 
collection and handoff of defect 
information — freeing the project 
team to focus on creating effec- 
tive, quality applications." 

One example of Serena's 
integration efforts: The compa- 
ny was the first to provide 
change management tools that 
directly integrate with the SAP 
R/3 environment. The tools, 
under Serena's ChangeMan 
brand, allow for scheduling and 
coordinating of deployment of 
SAP and non-SAP changes into 
target environments. 

BUG-LOGGING NORMS 

Of course, integration is an oft- 
cited goal throughout the tech 
industry. Software architects 
and evangelists invariably 
promise more plug-and-play 
functionality than is eventually 
delivered. The more blustery 
claims about defect tracking 
morphing into application life- 
cycle management software can 



obscure some of the basic bug- 
logging techniques that are 
norms in the industry. 

Specifics vary, but every tool 
allows for issues to be entered 
and priorities assigned. After 
encountering a bug, one of the 
first decisions a developer or 
tester has to make is just how 
much detail to include. 

"[Being] process-light is 
always desirable, so I tried to 
simplify the main defect form, 
uncluttering it of unnecessary 
fields," said David Atkinson, 
head of testing at Red Gate 
Software, which uses the JIRA 
bug-tracking application provid- 
ed by Atlassian. "My rule is, if 
you don't need to report on the 
field, consider not having it." 

Despite the fact that Red 
Gate makes much noise on its 
Web site about its unique 
approach to relentlessly testing 
code, Atkinson went on to 
describe a process that should 
sound familiar to anyone who's 
ever used a defect-tracking tool 
in earnest. 

Bugs are identified and 
continued on page 38 ► 
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Does your Team do more than just track bugs? 

Alexsys Team doesf Alexsys Team 2 is a itiulci- user Team management system thai provides a 

powerful yet easy way to manage all the members of your team and their tasks - including defect FreePack™ available at EiJflftt* 



Free Trial and Single User 
Fra&Pack™ available at 
www.aleKcorp-Com 



Track all your project tasks in one database so 
you can work together to get projects done. 
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Defect Tracking Lacks Appeal But 



< continued from page 37 

entered by testers and then pri- 
oritized and assigned out to 
developers by a project manag- 
er. Atkinson's testers are encour- 
aged to log even those bugs they 



know will not be fixed in the cur- 
rent release in a "future" bucket. 
This obviously takes time and 
resources but ultimately is more 
attractive than the alternative: 
forgetting a bug's symptoms, the 



steps to reproduce it and other 
relevant thoughts and observa- 
tion of the tester. 

At the start of a new release, 
a project manager is assigned 
what Atkinson acknowledged to 



be the unenviable task of 
reviewing the entire list of 
"futured" bugs. The Red Gate 
ethic of recording everything 
means many of these bugs are 
decidedly minor, a fact that 




leads to occasional pressure to 
close the bugs and make the list 
more manageable. 

"As testers we have resisted 
this, arguing that if it's still a 
valid bug, it should be left 
open," said Atkinson. "The 
compromise was to create a 
'Future — Won't Fix' bucket, 
which is ignored for minor 
releases but may be occasional- 
ly considered for a major 
release." 

It's common sense to tackle 
the high-priority bugs first and 
leave the rest for later. In fact, 
some in the agile crowd suggest 
that in the new everything-is- 
beta world, medium- and low- 
priority bugs should be perma- 
nently ignored. Atkinson 
blanched at this idea and 
instead offered a suggestion for 
tool vendors for their next-gen- 
eration products. 

Developers, many of whom 
prefer to tackle medium- and 
low-priority issues in the same 
functional area as their assigned 
high-priority bugs, need a way 
to edit and annotate bugs in a 
list that is meaningful to them. 
The idea is something akin to 
user-generated tagging that was 
made popular by services like 
Flickr and del.icio.us. 

Today the only option for 
developers looking to tackle 
bugs by functional area rather 
than priority is to sort bugs 
using the "component" field. 
Atkinson noted, however, that 
"this doesn't always group 
together bugs in the same code, 
and it's a chore to edit bugs and 
change this for each one mere- 
ly to group them. If a tool 
offered a way to drag and drop 
bugs in a list, and remembered 
where they were, internally set- 
ting a secondary priority specif- 
ic to the user, it would be most 
welcome." 

WHERE REGRESSION IS GOOD 

Among the many benefits to 
developers coding in an orga- 
nization that uses a defect- 
tracking tool, the ability to eas- 
ily perform regression testing 
tops the list. Regression testing 
aims to catch the inevitable re- 
emergence of bugs as any 
codebase evolves. At least in 
theory, after each new fix or 
feature is added, the entire 
batch of previous test cases 
should be rerun to ensure that 
no new problem has emerged. 
Of course, the reality of con- 
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Its Importance Hasn't Flagged 



strained resources and looming 
deadlines makes this compre- 
hensive approach impossible. 
The best most developer teams 
can do is to make educated 
guesses, a process that's made 
vastly easier by a robust defect- 
tracking tool. 

"If the QA group doesn't 
know what changed and the 
change's effect, they must retest 
every feature," said Richard 
Riccetti, president and CEO of 
Seapine. "It is dangerous to 
take the word of the engineer 
that the code changes, no mat- 
ter how small, have no signifi- 
cant impact." 

"The time-consuming thing 
in bug tracking is not entering 
the bugs and marking them 
fixed; it's the time it takes to 
create a reproducible test case 
and verify that the bugs have 
actually been fixed," echoed 
Agitar's Savoia. "These tasks 
should not be bypassed or con- 
veniently forgotten, and bug 
tracking helps you make sure 
you don't forget about them." 

Like many a teamwide or 
organizational tool, a defect- 
tracking application gets more 
valuable as more people use it. 
Attracting a large cohort of users 
starts well before the tool is pur- 
chased and installed. Perhaps 
paradoxically, the needs of devel- 
opers shouldn't always come first 
as various tools are evaluated. 

EASY TO USE AND CUSTOMIZE 

"Development teams shouldn't 
evaluate the tool on their own; 
the extended project team needs 
to be very involved in the selec- 
tion process," said Rawlins. 
"Otherwise, the development 
team may end up with a tool that 
helps them keep track of their 
bugs, but still leaves them 
spending a lot of time coordinat- 
ing efforts with other project 
groups." 

No matter who is doing the 
evaluating, any tool must meet at 
least two criteria, according to 
those interviewed. The first, said 
Axosoft's Shojaee, is that it should 
stay out of the way of the user 
and be easy to use with little or 
no training. 

Strive for "one-click rather 
than two to get the information 
you need, two input fields 
rather than three to record the 
information, etc.," he said. 

The second must-have is 
easy customization to a team's 
specific needs and preferences. 



And it's this point, emphasized 
repeatedly, that should be 
enough to make some of those 
now-grown-up rule-breakers 
smile. Of course, discipline still 
matters. But success in software 



today is less about coloring 
inside the lines than carving out 
an independent and often high- 
ly specific niche. 

"The days of companies 
changing their processes to 



support tools are nearing an 
end," said Riccetti. "Competi- 
tive advantage is derived from 
doing things differently from 
everyone else. The ability to 
define and change your process 



helps deliver that advantage." 

In other words, the my-way- 
or-the-highway misanthropes are 
getting the last laugh *» 
on their super-strict\^ 
schoolmarms, after all. I 
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FROM THE EDITORS 

No Place For 
Homeland Security 

Certainly there are occasions where national governments can and 
should mandate safety standards. Things like seat belts and proper- 
ly maintained aircraft are obviously good for society, so most consumers 
approve government laws that require automobile makers and airlines to 
follow carefully considered procedures. 

It would seem that the U.S. government (as well as many others) has a 
solid understanding of how cars and airplanes work, and what is required 
to make them safe. This cannot be said of computers and the Internet. 

With the Department of Homeland Security slowly attempting to 
assert its control over America's computer security, the potential for this 
agency to hold sway over secure coding standards is higher than ever. 
However, DHS is the last agency we'd like to see controlling anything 
related to digital security. With more than 800 confirmed intrusions into 
its systems since the department was created, the potential for political 
interference, and the perennial problems filling its top IT czar position, 
DHS is a miasma of red tape and political appointees. 

One of the agencies now controlled by DHS, the National Security 
Agency, would be a better place to develop mandated security standards. 
NSA has a long history of laying out security specifications for computer sys- 
tems. It seems as though NSA is the only digitally competent arm of the fed- 
eral government. The state department, for example, only moved off of Wang 
computers in 2001. And need we mention the Internal Revenue Service? 

With the growing threat of cyber-intrusions from passive-aggressive 
states, as well as private interests and rogue pirates, the concept of gov- 
ernment-mandated standards may soon be law. Let's make sure that 
those laws come from an organization competent to make them. 

The Meaning of Standards 

The question of whether Microsoft is trying to improperly use the stan- 
dards process has arisen, with regard to the company's promotion of 
Office Open XML and XML Paper Specification— OOXML and XPS, for 
short. It appears that Microsoft's idea of a standard is a lot different from ours. 

We remember a day when standards came from the community, from 
rivals who realized the value of cooperating in their common self-inter- 
est. Standards not only solved compatibility problems, but also present- 
ed consistent platforms for future innovation. 

It's one thing for a vendor to want to standardize a specification with 
a record of widespread use going back a decade and more, as Adobe has 
done in sending the Portable Document Format down the path to ISO 
ratification. It's quite another to send brand-new formats to Ecma Inter- 
national on a fast-track process for ISO acceptance, as Microsoft has 
done with OOXML and XPS. 

We're unaware of any implementation of XPS that is independent of the 
.NET Framework. Although vendors are starting to pick up Office Open 
XML as a supported format, only Microsoft's Office 2007 uses it as a default. 

It doesn't seem that Microsoft's motivation with this Ecma effort is to 
improve compatibility, or to develop a consistent platform for future 
innovation. Instead, it seems that Microsoft's goals are merely to ensure 
that OOXML and XPS meet some government requirements that their 
products be "standard" formats. This standards effort doesn't serve the 
public interest, only Microsoft's. 

The community as a whole would be better served if groups like Ecma 
(which has long been a pliant vendor consortium) and the ISO pushed 
back on premature and inappropriate efforts, as Microsoft's OOXML 
and XPS proposals appear to be. 

Standards should serve to improve collaboration and foster the devel- 
opment of new technologies. These Ecma efforts by Microsoft will do 
the exact opposite. We urge Ecma and ISO to reject them until they 
serve the broad interest of technology users and developers. I 



Three Definitions of SOA 



Jan Popkm 



Service-oriented architecture has 
emerged as one of the most dis- 
cussed topics in software development 
today. Attend an IT conference and SOA 
is often one of the featured topics. Mag- 
azine articles tout "how to" case studies 
of SOA implementations and in-depth 
analyses of the technology and its bene- 
fits. Newspapers cover every SOA from 
every angle. 

SOA has become a rich, 
complex term that encom- 
passes much more than a new 
technology. As with the ad- 
vent of any new technology, 
the term SOA has been 
expanded to assume a variety 
of meanings. The most com- 
mon usage refers to SOA as a 
technology that loosely cou- 
ples applications into a ser- 
vice layer. Others talk about SOA as 
the next big thing on the technology 
horizon. SOA can also refer to a con- 
cept that embraces a service-based, 
flexible technology platform that 
increases agility. 

What exactly is meant by the term 
SOA? 

The usage of the term SOA can be 
tied to three definitions, and when dif- 
ferent people are using different defini- 
tions, confusion can be the result: 

1. SOA as a technology. This usage 
is the most common today and discuss- 
es the actual "how to" software behind 
developing and linking services to cre- 
ate an agile IT infrastructure. This 
meaning is reflected in the definition of 
the OASIS Reference Model for SOA 
1.0: "a paradigm for organizing and uti- 
lizing distributed capabilities that may 
be under the control of different owner- 
ship domains." 




2. SOA as an architectural princi- 
ple. This usage is directly tied to SOAs 
adoption as a planning tool that desig- 
nates what services will be designed and 
how they relate to one another over 
time. The SOA concept is viewed as 
part of the goal of using IT to address 
current and future organizational strate- 
gies via reconfiguration. This approach 
defines a new way for tech- 
nology to enable architec- 
ture. OMG reflects this in its 
definition of SOA as "an 
architectural style for a com- 
munity of providers and 
consumers of services to 
achieve mutual value." 

3. SOA as an enterprise 
strategy. The term SOA is 
also being used as a high-lev- 
el concept that encompasses 
people, process and technology into an 
enterprise view At this abstract level, 
SOA is a term not only describing the 
mechanism for IT to deliver against 
business requirements, but also for 
developing an IT infrastructure that is 
easily reconfigurable and flexible, 
enabling an organization to respond 
more rapidly to change. It encompasses 
the idea of developing "composite sys- 
tems" that incorporate new functionality 
without limiting future options. It recog- 
nizes the real promise of SOA as a plat- 
form for rapid change. 

Each part of an organization sees SOA 
from a different perspective, thus the dif- 
ferent meanings. For example, a CEO is 
interested in SOA as a mechanism to help 
achieve corporate agility. A CIO, enter- 
prise architect and business analyst are 
more interested in SOA as an architec- 
tural principle for guiding system recon- 
figuration and change over time. A soft- 
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Chinese SOA Market 

To Increase Tenfold by 2010 

Recent research from IDC indicates that 
the Chinese market for SOA services and 
software will increase from US$50 million 
in 2006 to $500 million by 2010, assuming 
that existing services and processes are 
reused and extended. The report points to 
influences from government as well as 
industry that are driving the adoption of 
data-sharing platforms, at a time when 
state enterprises are facing the need to 
overhaul and upgrade legacy applications. 
Although the temptation to go with the 
short-term savings from a customized 
development strategy may exist, the report 
points out that the long-term returns on a 
SOA investment are worthwhile, even when 
successful large-scale implementations are 
hard to find. 
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ware engineer is interested in service 
implementation and reconfiguration. 

Organizations that recognize the 
benefits of SOA at these various levels 
should see greater success in leveraging 
its benefits. Both long- and short-term 
views are essential. A long-term view 
recognizes that the real benefit of SOA 
is in its application as an architectural 
principle for corporate guidance. By 
taking an enterprise view, organizations 
can more quickly and easily reconfigure 
their services to meet changing market 
conditions or operational demands. 
This delivers on the future promise of 
SOA as a platform for agility. Technolo- 
gy can be more easily reconfigured to 
address change. 

Enterprise architecture is a way to 
realize the promise of SOA at the imple- 
mentation, planning and enterprise lev- 
els. Enterprise architecture provides 
the visualization, analysis and sharing of 
this information from a central reposito- 
ry of data. 

An enterprise architecture provides a 
central platform for people at all levels 
of an organization to see and understand 
their services strategy over time. Organi- 
zations can use the shared vocabulary 
provided by the enterprise architecture 
to communicate about services. Stake- 
holders can ensure services support the 
business goals and strategies of the orga- 
nization. They can evaluate and priori- 
tize service implementation according to 
these goals. This avoids the trap of 
deploying technology without directly 
relating it to the business. 

In essence, an enterprise architec- 
ture provides the intellectual compo- 
nent of SOA because it puts order to the 
randomness of the discrete systems 
being layered to create a SOA environ- 
ment. It helps organizations look beyond 
an IT-centric view of SOA and drive a 
SOA strategy from business require- 
ments, processes, goals and strategies. 
An enterprise architecture map of peo- 
ple, processes and applications aids in 
smarter decision-making about system 
reconfigurability to support business 
goals. This, in turn, helps transform IT 
applications from execution mechanisms 
to key contributors to organizational 
agility. This ensures that organizations 
benefit from the long-term benefits 
offered by SOA. 

Organizations that approach SOA as 
an architectural principle instead of 
another new technology to move data 
will benefit the most from SO As value 
proposition. Enterprise architecture is 
the platform for delivering the knowl- 
edge needed to perform new tasks in 
new ways. With an enterprise architec- 
ture, organizations can avoid the trap of 
formalizing old ways of doing things 
using new technology such as SOA. I 

Jan Popkin is a strategist for Telelogic, 
which sells enterprise architecture man- 
agement and business process modeling 
tools. 



LETTERS TO THE EDITOR 

All About Ant 



I read Andrew Binstock's recent column 
on Ant ["Moving Past Ant," July 1, page 
45] and would like to point out a few solu- 
tions to the problems that he highlights. 

1. "Long scripts are hard to follow 
and, at times, to untangle. This aspect is 
made worse by limited debugging 
options and make-you-crazy error mes- 
sages." Absolutely correct. That's why 
Ant allows you to call other Ant build 
files. This makes it easier to create more 
modular builds. The command-line 
switch "verbose" will give you more 
detailed information about what's going 
wrong in your build. If you're writing 
your own tasks, you can use the AntUnit 
plug-in to test your own tasks. 

2. "The choice of XML also has draw- 
backs: It is not expressive, and it lacks 
proper built-in logical capabilities. To do 
anything involving logic flows, you need 
to drop down to the task level, write 
your logic there, and then reintegrate 
that task with Ant's 'do this, do that' 
design." There's actually another choice. 
You can use any of the Bean Scripting 
Framework's scripting languages (or any 
of the languages supported as part of 
JSR 223 to provide your build with more 
capabilities. It's not always necessary to 
write your own task. See the optional 
Script tag for more details (ant. apache 
.org/manual/OptionalTasks/script.html). 

3. "Ant does not support the concept 
of touch as it is found in make." This is 
not correct (ant.apache.org/manual 
/CoreTasks/touch.html). The "touch" 
task has been around for quite a while. I 
would like to add that if your builds are 
indeed becoming too complex to express 
in Ant, then either something is wrong 
with the way you're trying to use Ant, or 
something is wrong with the way you've 
laid out your projects. I've seen a lot of 
bad build files before, and found that 
most had accumulated all sorts of cruft 
over time and were in need of some 
judicious trimming with Occam's Razor. 

The last thing worth mentioning is 
that most IDEs will handle creating Ant 
files for you. It cuts down on the mainte- 
nance involved and gives you a better 
starting point for your own customiza- 
tions. Net Beans supports this directly. 
And you can use File/Export... /Ant Build- 
files in Eclipse to export your current 
project's build file as an Ant build file. 

Mark Fortner 

RETURN TO CIVILITY 

I could not agree more with Andrew 
Binstock's column "Why Words That 
Wound?" that appeared in the May 15 
issue of SD Times [page 37]. In particu- 
lar the libertarian argument that a code 
of civility amounts to censorship strikes 
me as entirely fatuous. 

The British House of Commons, 
which has seen fierce debate over the 



years, serves as good example. There are 
basic rules and some sense of mutual 
respect. Moderation is provided by the 
speaker of the house. By way of exam- 
ple, John Major, when prime minister, 
was forced to withdraw his summing up 
of Tony Blair, then opposition leader, as 
"a dimwit," yet Labour MP [Member of 
Parliament] Tony Banks managed to get 
away with describing the former Tory 
MP Terry Dicks as "living proof that a 
pig's bladder on the end of a stick can be 
elected to Parliament." 

I'm not suggesting for a second the 
same degree of moderation that keeps a 
country's main democratic institution in 
check is right for a blog forum, but I am 
in total agreement with Mr. Binstock 
that the degree of civility that we express 
to others is. 

Nigel Chanter 

Chief Operating Officer 

Perforce Software 

ROOM FOR MORE 

Did Evans Data Corp. expect me to take 
the word of 400 developers as a sign of a 
global trend ["Developers Trending 
Away From Windows," News on Thurs- 
day, July 5]? While I find it interesting 
that there is that much "work" out there 
for non- Microsoft platforms, there is no 
indication that the market is drying up 
for Microsoft platform developers. Per- 
haps all this study shows is that the 
market is expanding to support the en- 
croaching role Linux plays in the industry, 
not that Linux is replacing the dominant 
players by such large numbers — rather 
it's tagging along in niche roles. 

While I may not give much credence 
to the study itself, perhaps it is a sign to 
take a more than casual look into what 
Linux-based operating systems offer. I 
cannot see anyone replacing the worksta- 
tion environment too soon though; enter- 
tainment is still too well entrenched in 
Mac and Windows — not to mention the 
breadth of deployment in solid productiv- 
ity tools. 

Evans Data performs this survey 
twice a year, yet the sampling is so small 
that even if you were to break that over 
the top three U.S. markets, that cannot 
possibly indicate what trend the industry 
is making — and that is if it were unique 
surveys of separate development centers 
covering client development, server 
development, component development, 
integration tools, migration tools, audio 
visual and entertainment. I think it 
unduly expects the reader to make inap- 
propriate conclusions. 

Matthew Holton 



Letters to SD Times should include the writer's name, 
company affiliation and contact information. Letters 
become the property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 
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Leaders innovate. And innovate. And in- 
novate. Serena has been innovating non- 
stop for 27 years, defining and refining 
the practice of software development. 
Consider how the application life-cycle 
management company broke new 
ground with the Eclipse Application 
Lifecycle Framework (ALF) Project. Or 
how Serena introduced Dimensions 10, 
the world's first ALM solution with end- 
to-end traceability from ideation to deploy- 
ment delivered through a single repository 
and single metadata database. It's for that 
type of work that Serena was recognized as 
one of the SD Times 100, the newspaper's an- 
nual listing of leaders and innovators in the 
field of software development. 

"Serena is exclusively focused on helping our customers 
deliver business applications into production," explains 
Kevin Parker, Serena's vice president of market develop- 
ment. "We don't have hardware to sell, or an IDE. We 
aren't tied to an operating system or a packaged applica- 
tion. We make the products that customers depend on 
every day to ensure they safely deliver business applica- 
tions into production. We have done that for the past 27 
years. We will continue to do that." 
Take the company's work bringing together the visibili- 

ADVERTISEMENT 



ty and control provided by Serena's project 
and portfolio management tool Mariner to 
its industry-leading Dimensions software change and con- 
figuration management tool. "By directly mining the 
metadata created during the development phases, we are 
able to provide the project management office with cur- 
rent status information on projects without the need for 
tedious status meetings," adds Parker. "For the first time, 
the CIO has unprecedented insight to the workings of ap- 
plication development." 

Or take Dimensions 10 itself, the enhanced ALM suite 
Serena introduced late last year. "Now you can trace re- 
quirements to code to tests to builds to deployments no 
matter who you are, where you are or on what platform 
you are working," says Parker. 

"Our customers deploy complex, mission-critical appli- 
cations across the broadest set of architectures and plat- 
forms, and we're with them, at every step, orchestrating 
and enforcing their development practices, and providing 
them with the visibility to run their business effectively," 
explains Parker. Find out why the world's largest enter- 
prises choose Serena technology-contact them today at 
1-800-457-3736 orwww.serena.com. 
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When most developers think about Telelog- 
ic, they think about modeling. When they 
think about modeling and Model Driven De- 
velopment (MDD), they think about Telel- 
ogic, one of the 2007 SD Times 100, the 
annual listing of leaders and innovators 
in software development. 
Telelogic was first to market with prod- 
ucts and services for the Unified Modeling 
Language (UML), the Systems Modeling Lan- 
guage (SysML) and the Department of Defense 
Architecture Framework (DoDAF). Telelogic was 
the first to offer an integrated modeling and re- 
^fc^ quirements management environment, letting de- 

^f velopment teams move from requirements defini- 

mf tion to product design and implementation. 

Telelogic (www.telelogic.com) leads the way in model- 
driven SOA adoption, which extends the company's un- 
paralleled expertise in MDD. "Implementing a process that 
relies on SOA can be a big challenge," says Greg Sikes, ex- 
ecutive vice president of Telelogic's Modeling Solutions 
Product division. "That's why our integrated environment 
includes business process management, enterprise archi- 
tecture, service portfolio management and alignment, ap- 
plication planning and development, business and techni- 
cal requirements management, change management and 
software configuration management." 

ADVERTISEMENT 
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Telelogic offers a model-driven SOA solu- 
tion with System Architect and Tau that lets 
an enterprise visualize the complete business solution and 
drive development of SOA and services. In doing so, de- 
velopment teams can view the business process as well as 
the activities that are related to the service that encapsu- 
late the business process as a solution. 

"Another area where we have broken new ground is the 
integration of our Model Driven Development tools for 
embedded and real-time systems (Telelogic Rhapsody) 
with our heritage communications-protocol design and 
development software (Telelogic SDL Suite)," explains 
Sikes. "This integrated solution supports systems and soft- 
ware engineers who design and develop integrated com- 
munications systems." 

Telelogic's customer commitment is the company's pas- 
sion. "We shape our products and services around our cus- 
tomers," says Sikes. "Customers prefer our solutions be- 
cause of our mix of great people, superior products and 
strong technical know-how. We're the leading global 
provider of software and services for Enterprise Lifecycle 
Management, and customers know our solutions align and 
optimize product, systems and software development life 
cycles with 
business objec- 
tives and cus- 
tomer needs." 
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Four Cores and Several Bits to Go 



Anyone who doubts the role of com- 
petition in driving down prices and 
increasing product capabilities need 
look no further than the Intel-AMD 
spat and the wealth of technology 
advances it has spawned during the past 
two years to become a believer. What 
makes the x86 rivals' competition double 
fun is that the companies are scared of 
each other: Intel was spanked by AMD a 
year or so ago but is now administering 
the spanking. However, the fact that 
AMD could rise up at all has left Intel 
laser- focused on the Sunnyvale, Calif., 
upstart at all points across its product 
line. The net result has been a win for 
consumers: more cores, lower power 
consumption and astonishing perfor- 
mance/cost ratios. 

The saga will take another turn short- 
ly after this column sees the light of day. 
AMD will release its Barcelona quad- 
core processor sometime in August, 
unless there are unexpected delays. Sys- 
tems using the processor will ship in 
September. Barcelona is a bet-the- 
whole-farm gamble by AMD. Intel 
released quad-core Core 2 processors 
in late 2006 and has been steadily 
regaining market share as AMD has had 
no competitive chip. So, if Barcelona 
doesn't hit a home run, AMD's com- 



petitive position will be grave. 

To hedge its bets, AMD has put a lot 
of new technology into Barcelona. The 
most notable of these is a Level 3 (or 
L3) cache that is shared by all the 
cores. This cache gives AMD an inter- 
esting multidesign cache architecture. 
The L2 caches are not shared (as 
opposed to the Intel L2 
caches, which are shared 
across a pair of caches. This 
design by Intel has led some 
analysts to describe Intel 
quad cores as 2x2 proces- 
sors — essentially, a pair of 
dual-core processors wired 
together, which is in fact the 
case). AMD's 4x1 design 
means that no L2 cache is 
shared, so that no L2 cache 
can be flooded by data from another 
core. The drawback of this design is 
that if a core needs more cache than the 
L2's fixed size, it has no way of getting 
it. On a large shared cache, however, 
this situation is not a problem, the 
cache simply evicts old items to free up 
space. Hence, AMD's decision to 
include the shared L3 cache. This 
cache loads data items evicted from LI 
and L2 caches and places them directly 
in the LI cache when the processor 
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needs them. Normally when an item is 
evicted from an outer cache to a lower- 
numbered, faster cache, it is removed 
from the cache it currently occupies. 
AMD's implementation modifies this 
model by keeping an item in the L3 
cache if it's being accessed by any other 
core. By this intelligent design, AMD 
hopes to optimize cache 
usage across cores while 
keeping each core fed as 
much data as possible. 

How this innovative 
scheme will play out perfor- 
mance-wise versus Intel's 
existing quad-core processors 
is hard to estimate. But AMD 
is definitely in a difficult posi- 
tion regarding cache: The 
Xeon processors that shipped 
in March (code-named Clovertown) 
have 8MB of cache spread across four 
cores, while AMD will provide only 
4MB for the same number of cores. 
Although the company has certainly 
added other features, the memory and 
cache management are likely to be deci- 
sive factors influencing performance. 

The performance results are not 
merely another battle in a longstanding 
war, although they surely are that. 
Quad-core is an inflection point that 



developers need to consider carefully. 

On dual-core systems, a single- 
threaded application is not a huge per- 
formance loss. And there is still little 
expectation from users that code should 
use all computing bandwidth. This view 
will change as quad-core becomes the 
norm (in the next 18 to 24 months). 
Then, single-threaded code will no 
longer be sufficient. Some sites see the 
writing on the wall and are beginning to 
move in the direction of multithreading. 
Those sites, in my opinion, need to move 
to quad-core systems, not dual-core. 
Quad-core systems enable optimization 
for 1-, 2- and 4-thread applications, (as 
well as testing for more). Dual-core sys- 
tems, however, do not permit optimiza- 
tion for quad-core, so they are in effect 
already out of date. Likewise, I recom- 
mend that IT departments that have 
missed the dual-core generation skip it 
altogether and go directly to quad-core 
systems. 

If sites move to quad-core quickly, as 
I expect, whoever wins the quad-core 
battle between AMD and Intel is sitting 
pretty for a long time to come. Intel has 
won on schedule; now it remains to be 
seen whether AMD can win on perfor- 
mance. If not, winning on price — a diffi- 
cult road — might be its only option. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 



Knowledge Conies Before Tools 



At a recent Burton Group event, the 
analysts stressed what I've been 
beating to death for years now, that too 
many companies are overspending in 
the SOA space, too early, and are not 
thinking through the core issues. Thus, 
many initial SOA projects are in danger 
of hitting a wall before the core value of 
SOA is understood. 

The Burton analysts stressed that you 
don't need to chase after some enter- 
prise service bus (ESB) with every possi- 
ble option, or try to support the latest 
chic Web services standards to achieve 
service orientation. Indeed, they are 
describing what SOA really is — an archi- 
tecture style — and thus something you 
do, not something you buy. However, 
don't tell the vendors that. 

The hype in the SOA space is raging 
right now, largely due to the amount of 
marketing money that's being spent in 
order to both create and capture the 
demand. You just don't feel like you're a 
true enterprise unless you have an ESB 
and governance tool, no matter that 
you've not figured out how to use them 
yet. 

Indeed the big "SOA stack" players 
are in the market early with enterprise 
license agreements that lock their cus- 
tomer into an all-you-can-eat SOA tech- 
nology buffet that will supposedly pro- 



vide them with solutions to all of their 
SOA needs. The truth is much more 
complex and less exciting. 

In actuality, each enterprise is like a 
snowflake, and the problem patterns 
that are present vary greatly from prob- 
lem domain to problem domain, enter- 
prise to enterprise, as I'm finding in 
both my consulting practice and data 
points with a number of SOA 
practitioners out there. Thus, 
selecting technology before 
you understand your unique 
issues puts your first SOA pro- 
ject at risk and will cost you 
dearly, considering that this is 
the mother of all mistakes that 
you can make here. 

There is much homework 
to be done before you can 
begin shelling out the big dol- 
lars for the big SOA technology, and 
more often than not, you'll find the tech- 
nology that's a fit is not the technology 
you had first thought. Case in point is the 
number of projects I'm finding where 
ESBs are not the correct solution, but 
their early purchase means it's a "force 
fit" — in other words, the project is at 
risk, and at the very least, the solution is 
not optimal. Not that ESBs are bad; they 
are not. However, like any technology, 
ESBs do not fit within all SOAs. The 
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same can be said about SOA governance 
tools, SOA security solutions, service 
development tools and the like. You can 
define your architecture around technol- 
ogy, and the reverse is also true. 

The fact of the matter is that you 
need to go through some iterative steps 
before you can even begin to define 
your technology requirements, and look 
for products that fit them. 

First, you need to under- 
stand your data at the seman- 
tic, metadata and abstraction 
levels. This means a clear 
definition of what's there, 
what's needed and how it 
should be modeled and 
implemented as a part of 
your SOA. Data is the foun- 
dation, services are the exter- 
nalization, and processes are 
the solution. Keep that in mind. 

Second, you need to identify all can- 
didate services, or potential services in 
your domain. This means going on a ser- 
vice-mining expedition, looking at main- 
frames and other enterprise applications 
for core business processes that need to 
be externalized as services for the archi- 
tecture. This means working back from 
screens, APIs and transactions, and the 
creation of a solution for recasting them 



Third, you need to figure out the 
meta-processes that are a part of the 
domain. This will become the foundation 
for your orchestration and/or choreogra- 
phy layers, in essence, defining how the 
services interact and providing a platform 
for driving them together into solutions. 

Beyond all that, you need to figure 
out performance, security, service track- 
ing, service-level agreements, policy 
management, design time, runtime and 
any special needs that your project/ 
domain may have, and there is always 
something that's unique. Then, and only 
then, do you figure out your technology 
requirement. 

Those who jump right into the SOA 
hype pool full of SOA technology are 
finding a few things out. They are not 
solving their problem, they are not using 
best practices, and worst of all, they are 
putting their projects at risk and spend- 
ing too much money in doing so. I'm not 
sure if this is one of those "let the kid 
touch the hot stove" issues, where a few 
painful failures will teach the masses that 
this is the wrong approach, or if I need to 
keep jumping on my soapbox and 
preaching the very unpopular notion that 
SOA is complex and hard, and if you're 
going to make it work, it's going to take 
some work. Sorry to be the buzz-kill, but 
somebody has to speak up. I 

David S. Linthicum is the CEO of the 
Linthicum Group. Reach him at 
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When you think about enterprise data 
management systems, there's a good chance 
that your first thought is of Microsoft SQL 
Server— a fast-growing, well-respected 
relational database system. SQL Server 
is the centerpiece of an industry-lead- 
ing ecosystem, which is why Microsoft 
was named to the 2007 SD Times 100 for 
its database innovation and leadership. 
SQL Server 2005 improves developer 
productivity and reduces time to solution. 
With deep integration with Visual Studio 
2005, SQL Server 2005 takes developers to a 
M ^^ whole new level. 

^p "SQL Server 2005 is a comprehensive solution 

mf for data management and business intelligence, 

W enabling organizations of all sizes to more easily build, 
deliver and manage enterprise data and analytical solu- 
tions.," explains Francois Ajenstat, director, Microsoft SQL 
Server. "We provide a trusted platform for organizations to 
run their most mission-critical applications with the high- 
est levels of security, availability and performance." 

Microsoft's Data Platform vision expands SQL Server from 
being strictly a database to a platform with rich services to 
store and consume any types of data helping customers meet 
the needs of the coming data explosion and the next gener- 
ation of data-driven applications. SQL Server is also a hub of 
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innovation, such as around AD0.NET and the 
SQL Server Compact Edition. 

"The AD0.NET Entity Framework enables developers to 
work with data at a higher and more intuitive level of ab- 
straction—that is, conceptual rather than logical," says 
Ajenstat. "Within this framework, developers can access 
their data by defining business entities, such as customers 
and products, whose data may be stored across several in- 
dividual tables. The framework lets developers focus on 
the concept of, say, finding a customer in a particular re- 
gion instead of having to figure out where or how the log- 
ical data is stored and which tables need to be queried to 
get the needed data. 

The new SQL Server Compact Edition offers a low- 
maintenance, compact embedded database for single-user 
client applications for all Windows platforms including 
Tablet PCs, pocket PCs, smart phones and desktops. SQL 
Server Compact is a free, easy-to-use, lightweight and em- 
beddable version of SQL Server 2005 for developing desk- 
top and mobile applications. 

Microsoft is delivering unique capabilities to its cus- 
tomers enabling richer applications and helping bridge the 
gap between developers and data. Learn more by visiting 
www.microsoft.com/sql today. 

Microsoft 1 

SQLServer 2005 
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The Risks and Rewards of Consulting 



Many software developers will be, at 
some point in their career, consul- 
tants. There are three main routes in 
consulting: being a salaried employee 
whose employer is a consulting firm, 
being "placed" into positions by way of a 
head-hunting consultancy, and being 
truly independent. 

The first is no different from being a 
normal employee, except you'll be worked 
mercilessly, underpaid (and overbilled), 
and surprisingly, you'll be exposed to less 
technology and process diversity than 
you'd likely be exposed to working for a 
single employer. Consulting firms typical- 
ly follow the model of a law office: A small 
number of partners, whose primary job is 
deal-making and maintaining relation- 
ships, make great money by standing at 
the top of a rigidly controlled pyramid. All 
consultancies have a conflict of interest in 
that it is in their best financial interest to 
be depended upon by their clients, but 
large consultancies, which can place 
entire teams, are especially prone to 
shameless behavior: encouraging ambi- 
tious, gold-plated projects with lots of 
integration, promoting Big Design Up 
Front, and extolling the virtues of involv- 
ing the client in "locking down" require- 
ments (thus turning the post-mortem of 
the schedule slips in version 1 into a sell- 



ing opportunity for version 2). While 
younger developers may have a chance to 
see a variety of (troubled) projects, big 
consultancies typically enforce their own 
process zealously, robbing younger devel- 
opers of a broader view. 

Once upon a time, head-hunting con- 
sultancies were a good option. While you 
are working on one project, the 
people at the agency are lining 
up the next. After a few good 
engagements, you come to 
mind quickly for challenging 
assignments. Sure, the head- 
hunters take a commission, 
and on a longer engagement 
you might begrudge that a lit- 
tle, but they also sometimes 
slot together a series of short- 
term engagements, which can 
easily add up to four or five billable weeks 
in a year. Plus, they take care of invoicing 
and overhead, which for even an orga- 
nized individual can easily take up 10 per- 
cent to 20 percent of your work week. 

Unfortunately, the outsourcing boom 
of recent years has driven head-hunters 
toward down-scale volume. Why should 
they try to put together a team of three 
American consultants each looking for 
$50- $75 per hour when they have an end- 
less list of offshore developers who 
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together won't cost as much as a single 
American? While more experienced com- 
panies have learned that offshoring is no 
panacea, the companies that are likely to 
turn to a head-hunting consultancy are 
often more receptive to the (incorrect) 
economic argument that the cost of devel- 
opment is a constant multiple of the cost 
of individual programmers. 

Which brings us to "truly 
independent," a phrase that 
brings a chuckle, since the 
truth is that working for your- 
self is "absolutely dependent." 
You get paid for the hours you 
bill (and, at least once, you'll 
^f P tangle with a client that doesn't 

pay you that). Getting coffee, 
reading SD Times, learning 
Ruby? All good ideas, none of 
which you can charge for. Invoicing, read- 
ing e-mail, scanning relevant blogs? Not 
on your client's dime. Sick days? You can 
take as many as you want, right up until 
they turn off the utilities. 

You're also entirely dependent on the 
satisfaction of your customer, the refer- 
rals from your colleagues, and your 
Google PageRank (the absolute best 
thing you can do for your consulting 
income is be a top return for a program- 
ming niche). And no matter how hard 



Larry 
0'Bmn 



you plan, consulting income is a dramatic 
roller-coaster. Even if you think you're 
fully booked, jobs can simply evaporate. 
(In January, I engaged with a client for 
halftime work for the entire year. So far, 
I've billed two weeks with that client.) 
One disastrous fixed-cost bid can mean 
no out-of-state vacations this year. Transi- 
tioning between engagements is brutal: 
You either end up sitting on your hands 
waiting for a final go-ahead, or you put in 
mind-crushing weeks simultaneously 
doing the intense tasks of spin-down and 
spin-up. (Quick tip: Spin-down is when 
you make or break all your future earn- 
ings with and referrals from that client. 
Financially, it's almost certainly the most 
important time of an engagement.) 

The one thing about independence 
that is overplayed, though, is the idea of 
financial "penalties." The Self- Employ- 
ment Tax, health-insurance premiums 
and IRA donations all hurt, but if your 
employer can find a way to make a prof- 
it from your paying those costs, then 
don't you think you can do the same? 

Now if you'll excuse me, I'm going on 
vacation for a week. Well, six days. You 
know, if I bring a laptop and put in a half- 
day on Friday doing paperwork and mak- 
ing calls, then I'll be able to get some bill- 
able hours the afternoon I get back. . . I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 
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Being a leader is about many things-some 
big, some little. Leaders are innovators with 
new technology. But leaders like Syncfusion 
are also innovators in the small areas that 
impact developers' work, day in and day 
out. That's why Syncfusion is noted as 
one of the 2007 SD Times 100, the indus- 
try's annual listing of leaders and innova- 
tors in the field of software development. 
| Take the big things. Syncfusion offers a wide 
variety of quality components for the Mi- 
crosoft .NET platform, encompassing Windows 
Forms, ASP.NET and the new Windows Presen- 
m^ tation Foundation. Syncfusion's Windows grid 

^f control, known as Essential Grid, is the compo- 

mf nent of choice in the financial industry, and its 

W BackOffice components are widely used in the processing 
of Microsoft Office data on server systems. 

What's more, the company was the first to market with a 
Microsoft Office 2007-style Ribbon control, and even more 
impressively, Syncfusion was the first component vendor to 
support full installation and configuration of its compo- 
nents in a fully Microsoft Vista-compliant manner. That 
means that end users don't have to turn off User Access 
Control (UAC) to install and configure the components. 

The small details count, too-because, frankly, they're not 
truly small. Take licensing, says Stefan Hoenig, CEO of 
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Syncfusion (www.syncfusion.com). "In the 
past, the .NET component market has been di- 
vided along the lines of UI components and non-UI com- 
ponents, such as business components. Syncfusion was the 
first vendor to unify these domains and provide a consis- 
tent set of components for one price with consistent licens- 
ing." Access to source code is another area in which Sync- 
fusion has led the pack: Among the first to offer full source 
code, the company is the only vendor in this space to offer 
a consistent debugging interface to its components. 

Or consider support. In today's global environment, 9- 
to-5 doesn't cut it. "We realize that the business day for 
many of our customers does not begin and end with our 
own, so we moved to introduce 24-hour support on all 
business days," explains Hoenig. "This has been received 
very well by our customers from outside the Americas, 
and this policy has since been adopted by a few other ven- 
dors." That's what defines a leader. 

With a comprehensive suite of components that address 
everything from PDF creation to charting to Visio-like di- 
agramming, Syncfusion is poised to meet the needs of 
every .NET developer. As Hoenig says, "Syncfusion means 
one package. One vendor. One license. One great price." 

■■ 

■■■Syncfusion™ 
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Modeling Down the Line 



It seems that BigLever got its peanut 
butter in Telelogic's chocolate. 

BigLever makes Gears, a complex 
application for managing product line 
development. That involves automating 
the process of creating multiple versions 
of software. For instance, one customer 
might want one set of features in its soft- 
ware, and another customer might want 
a different set, but the 
remainder of the code is the 
same. Handling that diversity 
in the code is what product 
line development is about. 

Meanwhile, Telelogic is 
well known for its full life- 
cycle management suite, but 
a big part of what it offers is 
software modeling, with an 
emphasis on model-driven 
development. That means the 
models are not merely a visualization of 
software but the very foundation upon 
which it's built, providing a higher level 
of abstraction for quick creation and 
deployment of applications. 

In December, prodded by customers 
of both products, the companies got 
together to see how they can make 
BigLevers Gears work with Telelogic's 
Rhapsody modeler, which is heavily used 
by embedded software developers. The 
two chose to work with Rhapsody, as 
opposed to Telelogic's Tau modeler, 
because much of the push was coming 
from customers doing embedded systems 
design, where hardware configurations 
differ but the software functionality 
remains the same. 

Thus, the Rhapsody/Gears Bridge was 
born. Feature profiles are created and 
variation points are built into Rhapsody, 
which are then read and understood by 
the Gears product configurator. So, from 
one model with common elements and 
variation point elements, different itera- 
tions of software can be created. 

Before product line development, 
companies would "clone and own" their 
software. Every product was copied 
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from the same model and then modified 
as needed, resulting in full life cycles for 
each product and a redundancy of work. 
BigLever CEO Charles Krueger said, 
"Eighty percent of what each team was 
doing was the same thing." 

With the variation points now built 
into models, they can apply across soft- 
ware configuration, requirements and 
testing. "Now, the model ele- 
ments in Rhapsody have 
intelligence about being con- 
figured in different ways," 
Krueger said. 

Krueger offered up as an 
example software that is creat- 
ed for telecommunications. 
Requirements include record- 
ing voice, recording video, or 
not recording at all. Those are 
the variation points. The logic 
in the model looks at the feature profile 
being requested and chooses the proper 
variant. The logic is then executed as it 
goes through the Gears product configu- 
rator, all in an automated fashion. 

So, it doesn't matter if BigLever got 
its peanut butter in Telelogic's chocolate, 
or if Telelogic got its chocolate in 
BigLevers peanut butter. For develop- 
ers, the result is one sweet concoction. 

THE VOICE OF SD TIMES 

SD Times has always tailored the deliv- 
ery of news and analysis to serve a vari- 
ety of readers — those of you who prefer 
the depth of a printed newspaper, those 
who go online to find quick, breaking 
stories, and those who need only a brief 
roundup of news to satisfy your informa- 
tion needs. 

Now, we have something for those of 
you who would rather be listeners than 
readers... the SD Times "Week in 
Review" podcast. 

Hosted by yours truly and featuring 
a different industry analyst each week, 
"Week in Review" looks at the major 
events of the week that was, but goes a 
step further. 




For instance, Yankee Group analyst 
Laura Didio in July spoke about volume 
licensing plans and what to avoid, as it 
was the time of year that companies look 
to renew or not renew their software 
agreements. 

Theresa Lanowitz, the veteran analyst 
who's now at her own firm, Voke, gave us 
her view from Orlando about both 
Microsoft's Tech-Ed and IBM's Rational 
Software Development Conference. 

And Forrester Research senior ana- 
lyst Carey Schwaber shared her views 
on release management — a term she 
felt has so many different meanings, 
that the first thing an organization 
must do is define what it's trying to 
accomplish. 

So visit www.bzmedia.com/podcast 
for the kind of freewheeling, insightful 
and relevant commentary you can get 
only from SD Times. I 

David Rubinstein is editor-in-chief of 
SD Times. 



BUSINESS BRIEFS 



WebLayers has secured US$7 million in Series C funding from a tri- 
fecta of investors led by Ascent Venture Partners, and including 
existing partners Cedar Fund and Veritas Venture Partners. The 

company also reported record second-quarter revenue and cus- 
tomer growth. The capital will be allocated toward funding an 
increase in worldwide sales presence and to expand its ability to 
deliver enterprise-class products and to broaden its professional 
services and support capabilities. "We are very impressed with 
WebLayers' blue-chip customer roster, strong partnerships with 
industry leaders, and market-leading technology," stated Geoff 
Oblak, partner at Ascent. Revenue growth was 140 percent higher 
in the second quarter of 2007 than the first quarter of 2007. New 
customer acquisitions added enterprise customers including GE 
Money, Thompson Financial, State Street Bank and Nationwide 
Insurance. WebLayers credits increased demand for SOA Policy 



Management for its growth. Burton Group vice president and 
research director Anne Thomas Manes stated that enterprises are 
now realizing the need to implement policy management as a crit- 
ical step in the SOA governance process to ensure that services 
are designed and developed correctly from the onset . . . Oracle 
has agreed to acquire Bharosa Inc., a provider of authentication 
and fraud detection software, for an undisclosed amount. Oracle 
will add the Bharosa technology to its existing Web single sign-on 
and authorization solutions. The merging of the two companies' 
technologies will result in the ability to extend internal Web single 
sign-on solutions to external users. "Companies need new mecha- 
nisms that complement their existing security solutions so that 
they can better protect themselves from insider threats and mis- 
use from privileged users," Jon Fisher, CEO of Bharosa, said in a 
statement. The deal is expected to close in August. I 



EVENTS CALENDAR 



SCO Tec Forum 


Aug. 5-7 


Las Vegas 




SCO GROUP 




www.sco.com/2007tecforum 




SIGGRAPH 


Aug. 5-9 


San Diego 




ASSOCIATION FOR COMPUTING MACHINERY 


www.siggraph.org/s2007 




LinuxWorld 


Aug. 6-9 


San Francisco 




IDG WORLD EXPO 




www.linuxworldexpo.com 




SHARE 


Aug. 12-17 


San Diego 




SHARE 




www.share.org 




Actuate International 


Aug. 13-15 


User Conference 




Las Vegas 




ACTUATE 




www1.event-projects.com/evo/AIUC2007 




Agile 2007 


Aug. 13-17 


Washington, D.C. 




AGILE ALLIANCE 




www.agile2007.com 





Serena xChange Sept. 9-12 

Global User Conference 

Chicago 

SERENA SOFTWARE 

www.serenainternational.com/News/usergroups.asp 



BEAWorld 

San Francisco 
BEA SOFTWARE 

www.bea.com/beaworld 



Sept. 10-12 



VMworld 2007 

San Francisco 
VMWARE 

www.vmware.com/vmworld 



Sept. 11-13 



VSLive Sept. 16-19 

New York 
1105 MEDIA 

www.ftponline.com/conferences/vslive 

Dreamforce 2007 Sept. 16-19 

San Francisco 
SALESF0RCE.COM 

www.salesforce.com/dreamforce 



High Performance 
on Wall St. 

New York 

FLAGG MANAGEMENT 

www.highperformanceonwallstreet.com 



Sept. 17 



Intel Developer Forum 

San Francisco 
INTEL 

www.intel.com/idf/us/fall2007 



Sept. 18-20 



SD Best Practices 

Boston 
CMP MEDIA 

www.sdexpo.com 



Sept. 18-21 



Software Test Oct. 2-4 

& Performance Conference 

Cambridge, Mass. 
BZ MEDIA 

www.stpcon.com 



EclipseWorld 

Reston, Va. 
BZ MEDIA 

www.eclipseworld.net 



Nov. 6-8 



For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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NetAdvantage for Windows Forms 



-Platform User Experience 



NetAdvantage 



Empower your passion for creating great user interfaces with NetAdvantage 



Empower Your Users - Deliver highly productive, feature rich user interfaces to your 
customers, for Windows Forms, ASP.NET, WPF or JSF 

Leverage Reusable Architectures - Standardize your development process with consistent 
frameworks and tooling (source code included) 

Insure Consistent Look & Feel - Apply global Application Styling™ to brand applications 
across the enterprise (professionally designed style packs included or create your styling 
according to your corporate standards) 

Access Global Support - Interact with teams in London, New York, Tokyo, and Bangalore 
for intelligent code-level product support, via phone, email or 24 hr chat 

Maximize Your Results - Infragistics also offers Ul testing tools for NetAdvantage-powered 
applications, as well as comprehensive mentoring, training and consulting services 
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Powering The Presentation Layer 



Infragistics Sales - 800 231 8588 

Infragistics Europe Sales - +44 (0) 800 298 9055 



Your enterprise partner for user interface development 




NetAdvantage® for ASP.NET 
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NetAdvantage® for wpf 










NetAdvantage® for JSF 
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Ship Software OnTime! 
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HOSTED OR INSTALLED 

OnTime works the way you do. Run it locally 
or hosted under the environnnent(s) that best 
suits your business needs: 

• Windows 

• Web 

• VisualSiudio.NET 
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Project Management 

for software development teams 

AGILE * SCRUM • EXTREME 
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OnTime 2007 



INTEGRATED 

bug tracking • requirements management 

help desk incident & ticket tracking 





OnTime 200 






Visit oxosoft.com for downloads [free single-user licenses & free 30-day team trials), 
live web demos, overview and tutorial videos, blogs. forums, and much more. We 
won't waste your time — we'll heip you ship software on time. Guaranteed. 



www.axosoft.com 



FREE 1-user license & 

30-day team trials 

No- Hassle Download! 



VISIT vlBRAf 



IBRANT COMMUNITY 

communlty.axosoft.com 



